Electrum DDoS botnet infects 152,000 hosts

News by Rene Millman

Cryptominer uses new malware loader to evade detection

Hackers behind the DDoS attacks on Electrum Bitcoin users have managed to infect up to 152,000 hosts, according to security researchers.

In a blog post, researchers at Malwarebytes said that figure was reached earlier last week but has now plateaued at around the 100,000 mark. The botnet has been fuelled by two distribution campaigns (RIG exploit kit and Smoke Loader) dropping malware detected as ElectrumDoSMiner.

Researchers have now discovered a previously undocumented loader dubbed Trojan.BeamWinHTTP that is also involved in downloading ElectrumDoSMiner. So far, it has been estimated that the amount of stolen funds amassed by hackers could be as high as $4.6 million.

The botnet has largely been concentrated in the Asia Pacific region (APAC). For the Americas, most bots are located in Brazil and Peru, researchers said. However, the number of victims that are part of this botnet is constantly changing.

"We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DoS attacks. Malwarebytes detects and removes ElectrumDoSMiner infections on more than 2,000 endpoints daily," said researchers.

Victims infected with the malware "may experience slowdowns in internet speed as they are joined to a botnet that performs DDoS attacks", according to researchers.

They added that criminals have wasted no time in exploiting a vulnerability in Electrum wallets to phish unsuspecting users.

"What followed next with retribution attacks on Electrum servers was unexpected but logical, considering what is at stake. While these DDoS attacks have not been publicized much by mainstream media, they have undoubtedly caused millions of dollars in losses over the span of just a few months," they said.
