The Crypto Times

Security Firm Uncovers Stantinko’s Latest Fraudulent Activity Involving YouTube

Software security company ESET recently discovered dubious activity involving Stantinko. The botnet was distributing a Monero (XMR) mining program through YouTube. 

ESET, a major supplier of antivirus software, claimed in its latest report that the operators of Stantinko have bolstered their criminal repertoire. Aside from ad injection, click fraud, attacks to steal passwords, and social network scams, Stantinko operators are now installing crypto malware on the devices of their unsuspecting victims. 

Victims’ CPUs Mine Monero

The malware is reportedly being distributed using YouTube. The notorious botnet uses YouTube channels to disseminate the cryptojacking module, which then mines the Monero cryptocurrency on its victims’ CPUs.

Mining Monero has been the botnet’s means of monetization since around August 2018. The cryptocurrency’s exchange rate has been vacillating between $50 and $110 this year.

Stantinko has been around since 2012. It mainly focuses on users in European countries like Belarus, Kazakhstan, Russia, and Ukraine. The cryptojacking malware is said to have spread to about 50,000 devices. It has been likened to Dexphot, another piece of malware that was discovered recently. Dexphot was unearthed by Microsoft and has reportedly infected 80,000 or more computers.

The cryptojacking code in Stantinko steals the device’s processing resources, takes control of legitimate systems and hides the illegal activity. Its main purpose, though, is to run a crypto miner on the affected device.

According to ESET, the Monero-mining module’s most notable feature is its obfuscation, which is meant to thwart detection and analysis. Each sample of the cryptojacking module is unique, which adds another level of complication and makes it more challenging to discover.

The malware uses source-level obfuscation combined with a sliver of randomness. Stantinko’s operators then compile the module for every new victim to ensure each one is different.

Stantinko’s operators are always creating and enhancing its custom modules. Since every module is heavily obfuscated, tracking every minor change and improvement they introduce is next to impossible.

Modified Version of xmr-stak

ESET researchers noted that the bot’s crypto mining system is a modified version of the xmr-stak open-source cryptominer. The bot’s creators have also removed particular functionality from the malware so it won’t be detected. ESET’s cybersecurity products detect this particular malware as Win{32,64}/CoinMiner.Stantinko.

ESET has since informed YouTube of its discovery. The video-sharing giant quickly reacted by shutting down all channels that showed even the slightest evidence that they carried the Stantinko code.

Monero has been having a challenging month. The crypto’s core development team reported that the available downloadable software on the company’s official website might have been compromised and set to steal crypto. This has been confirmed by a professional investigator.
