Stantinko Botnet Plays Behind the Veils of YouTube to Mine Cryptocurrency

Pranav Menon
Pranav is a writer for Thecoinrepublic. He is interested in researching conceptual topics that can be discussed in various dimensions to understand them in depth. His article-writing experience has taught him to understand the various strata of a subject.


  • The program, which is claimed to have affected several devices globally, has engaged in crypto mining behind the scenes of YouTube.
  • Stantinko’s operators apply source-level obfuscation and compile the module for each victim, thereby creating a unique module in each attack.
  • CoinMiner.Stantinko communicates with the first mining proxy it finds alive.

The Stantinko botnet is an enormous module mainly used to install browser extensions, which in turn inject ads and perform click fraud on the infected computers.

As claimed by several researchers, this malware could be used to take full control of the target systems, eventually allowing cyber attackers to conduct various malicious activities.

The present attack

The program, which is claimed to have affected several devices globally, has engaged in crypto mining behind the scenes of YouTube. The botnet’s operators are presently targeting the privacy-focused coin Monero, based on a report from ESET, a cybersecurity solution provider.

The botnet has engaged in several other illegal activities to produce income, including ad injection, click fraud, password-stealing attacks, and social network fraud. Its main targets include users in Russia, Ukraine, Belarus and Kazakhstan, and it is reported to have been active since 2012.

ESET added that the module is able to obfuscate itself to avoid detection. Stantinko’s operators apply source-level obfuscation and compile the module for each victim, thereby creating a unique module in each attack.

The researchers from ESET also said that the botnet’s module can be classified as an advanced version of the xmr-stak open-source crypto miner. The modifications were made to avoid detection.

Apart from that, they added that ESET’s security products detect the malware as Win{32,64}/CoinMiner.Stantinko. It does not communicate with the mining pool directly; instead it uses proxies whose IP addresses are obtained from YouTube videos.

However, at present, all the YouTube channels containing such videos have been taken down based on the instructions of ESET.
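A defender can hunt for the behaviour described above: a non-browser process that looks up YouTube and shortly afterwards connects to a raw IP address that no DNS answer on that host produced. The following Python sketch is an added example, not code from ESET or from this article; the event format, process names, addresses, port, time window and browser allowlist are all constructed assumptions.

```python
"""Constructed example: flag non-browser processes that look up YouTube and
then connect to a raw IP address that no DNS answer on that host produced."""
import ipaddress

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}   # assumed allowlist
DEAD_DROP_SUFFIXES = ("youtube.com", "youtu.be")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WINDOW = 300  # seconds between the lookup and the raw-IP connection

# Constructed telemetry (documentation-range addresses, invented names).
EVENTS = [
    {"ts": 100, "host": "pc1", "proc": "chrome.exe", "type": "dns",
     "name": "www.youtube.com", "answers": ["198.51.100.7"]},
    {"ts": 101, "host": "pc1", "proc": "chrome.exe", "type": "conn",
     "dst": "198.51.100.7", "port": 443},
    {"ts": 200, "host": "pc2", "proc": "svcupd.exe", "type": "dns",
     "name": "www.youtube.com", "answers": ["198.51.100.7"]},
    {"ts": 201, "host": "pc2", "proc": "svcupd.exe", "type": "conn",
     "dst": "198.51.100.7", "port": 443},
    {"ts": 230, "host": "pc2", "proc": "svcupd.exe", "type": "conn",
     "dst": "203.0.113.50", "port": 3333},
    {"ts": 900, "host": "pc2", "proc": "svcupd.exe", "type": "conn",
     "dst": "10.0.0.5", "port": 445},
]

def is_dead_drop(name):
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in DEAD_DROP_SUFFIXES)

def find_suspects(events, window=WINDOW):
    resolved = {}     # host -> set of IPs returned by any DNS answer
    last_lookup = {}  # (host, proc) -> time of last YouTube lookup
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["host"], e["proc"])
        if e["type"] == "dns":
            resolved.setdefault(e["host"], set()).update(e["answers"])
            if is_dead_drop(e["name"]) and e["proc"].lower() not in BROWSERS:
                last_lookup[key] = e["ts"]
        elif e["type"] == "conn" and key in last_lookup:
            ip = ipaddress.ip_address(e["dst"])
            if (e["ts"] - last_lookup[key] <= window
                    and e["dst"] not in resolved.get(e["host"], set())
                    and not any(ip in net for net in INTERNAL)):
                alerts.append((e["host"], e["proc"], e["dst"], e["port"]))
    return alerts
```

On the constructed events, only the `svcupd.exe` connection to `203.0.113.50:3333` is reported; in real telemetry the allowlist and window need tuning, since legitimate media players and updaters also contact YouTube.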

CoinMiner.Stantinko communicates with the first mining proxy it finds alive. At the beginning of the communication, the hashing algorithm is downloaded from the mining proxy and loaded into memory.

By downloading the hashing code, the Stantinko group is able to vary this code with each execution.

It is these changes that give the module the capability to adapt to variations in the algorithms of existing currencies and subsequently switch to mining other profitable cryptocurrencies.

Since the core of the module is downloaded and loaded directly into memory, that part of the code is never saved to the hard disk. This again is a method adopted to avoid detection, as it complicates recognition of the algorithm’s pattern.

At present, Stantinko’s crypto mining module aims to mine Monero, according to an analysis by ESET’s researchers, who reached this conclusion based on the jobs allotted by the mining proxy and the hashing algorithm.

The analysis revealed the use of a hashing algorithm known as CryptoNight R, which, however, was of no use on its own because it is a common algorithm used in most cryptocurrencies.

However, since obfuscation would affect the efficiency of the hash calculations, the hash algorithms are not obfuscated, unlike the rest of CoinMiner.Stantinko.

Prevention is better than cure

As stated above, since this malware is capable of taking control of an entire computer, the dark side of such developments is that they are used to serve the needs of attackers.
