Hackers Spread YouTube Cryptojacking Malware


ESET has discovered a cryptojacking module that the Stantinko botnet distributes with the help of YouTube. The module is part of the Stantinko botnet rather than a stand-alone piece of malware, and its sole purpose is to use the victim’s computer to mine Monero (XMR).

27 November 2019 | AtoZMarkets – If you thought that the only way to get your computer infected with cryptojacking malware is to visit infected websites, then think again: the operators of the Stantinko botnet are now using your favourite video-streaming website, YouTube, as part of the delivery channel for their Monero miner.

Stantinko botnet distributes Monero crypto mining module via YouTube

That’s right, cybersecurity firm ESET has recently released a report detailing how the notorious Stantinko botnet, first documented by ESET in 2017 but believed to have been operating covertly since 2012, now uses YouTube to deliver a cryptomining module to the machines it controls. Note that this is not a drive-by infection: watching a video does not by itself install anything. YouTube is used by the botnet to distribute the module and its configuration to machines that Stantinko has already compromised.

The report states that as many as 500,000 machines have been infected around the world. The botnet targets users in Russia, Ukraine, Belarus, and Kazakhstan, and it uses a YouTube channel to deliver a cryptojacking module that mines Monero on the victim’s CPU.

About cryptojacking malware

The tactics used by the botnet are similar to those of previous cryptojacking attacks. Cryptojacking involves installing mining software on an unsuspecting person’s computer or device without their knowledge so that an attacker can mine cryptocurrency remotely. The attacker turns a profit by spending the victim’s processing power and electricity instead of their own. For the victim, the usual symptoms are sustained high CPU load from an unfamiliar process and outbound connections to mining pools or proxies, which is also what a defender should look for, since a miner does not otherwise need to touch the user’s data.

What has made the Stantinko miner so hard to detect, according to ESET’s report, is that each instance of the cryptomining module it installs is different, so a hash-based blocklist that catches one sample will not catch the next.

“Due to the use of source level obfuscations with a grain of randomness and the fact that Stantinko’s operators compile this module for each new victim, each sample of the module is unique,” the report states.

YouTube has been informed

ESET said that it has been in contact with YouTube regarding the botnet and that the video-streaming platform has since taken down the affected content.

However, with Stantinko’s operators constantly on the move and, in ESET’s words, looking for ways to “expand the ways they leverage the botnet they control”, how long will it be before the botnet is back for more?
