Malicious miner infected hundreds of thousands of computers in Russia, Ukraine and Belarus
ESET antivirus specialists have detected a malicious crypto miner named CoinMiner.Stantinko. Experts are convinced that this module is another way for botnet operators to make money. A distinctive feature of the crypto miner is its set of mechanisms that protect the malware from detection. In particular, the cybercriminals use a unique module for each individual victim. The attackers also devised an indirect way for the miner to communicate with the mining pool: it connects not directly but through proxies, whose IP addresses the malware obtains from the descriptions of videos published on YouTube. Moreover, CoinMiner.Stantinko can scan the processes running on the victim's system to detect an antivirus program among them. The miner module tries to work as inconspicuously as possible. For example, to avoid arousing the user's suspicion, CoinMiner.Stantinko stops its activity if the device is running on battery power.
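
One way to hunt in endpoint telemetry for the proxy lookup described above: flag a non-browser process that looks up YouTube and soon afterwards connects to an IP address the host never obtained from DNS. This is an added example, not ESET's detection logic; the event format, browser allow-list, time window, host names and process names are assumptions.

```python
from collections import defaultdict

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}  # assumed allow-list
WINDOW = 300  # assumed max seconds between YouTube lookup and direct-IP connection

# Constructed sample telemetry: (ts, host, process, kind, name-or-ip, dns answers).
# IPs come from documentation ranges; process names are hypothetical.
EVENTS = [
    (100, "ws-01", "chrome.exe", "dns", "www.youtube.com", ["203.0.113.10"]),
    (101, "ws-01", "chrome.exe", "conn", "203.0.113.10", None),
    (200, "ws-02", "svc_helper.exe", "dns", "www.youtube.com", ["203.0.113.10"]),
    (201, "ws-02", "svc_helper.exe", "conn", "203.0.113.10", None),
    (230, "ws-02", "svc_helper.exe", "conn", "198.51.100.77", None),
    (300, "ws-03", "updater.exe", "conn", "192.0.2.5", None),
    (900, "ws-02", "svc_helper.exe", "conn", "198.51.100.78", None),
]

def is_youtube(name):
    """True for youtube.com and any of its subdomains."""
    name = name.lower().rstrip(".")
    return name == "youtube.com" or name.endswith(".youtube.com")

def find_candidates(events, window=WINDOW):
    """Return (host, process, ip) for non-browser processes that looked up
    YouTube and then, within `window` seconds, connected to an IP address
    that no DNS answer on that host ever contained."""
    resolved = defaultdict(set)   # host -> IPs seen in DNS answers
    last_lookup = {}              # (host, process) -> time of last YouTube lookup
    hits = []
    for ts, host, proc, kind, value, answers in sorted(events, key=lambda e: e[0]):
        if kind == "dns":
            resolved[host].update(answers)
            if is_youtube(value) and proc.lower() not in BROWSERS:
                last_lookup[(host, proc)] = ts
        elif kind == "conn":
            seen = last_lookup.get((host, proc))
            if (seen is not None and ts - seen <= window
                    and value not in resolved[host]):
                hits.append((host, proc, value))
    return hits

if __name__ == "__main__":
    for hit in find_candidates(EVENTS):
        print("review:", *hit)
```

The heuristic produces leads for review rather than verdicts: legitimate software with hard-coded IP addresses that also embeds YouTube content will match too.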