Malicious Crypto Miner Infects Hundreds of Thousands of Computers in Russia and Ukraine
Approximately 500,000 computers in Russia, Ukraine, Belarus, and Kazakhstan have fallen victim to the Stantinko botnet, which secretly installed a module for mining the Monero cryptocurrency. The malicious crypto miner, named CoinMiner.Stantinko, was discovered by experts at the antivirus company ESET. According to specialists, this module is yet another way for the botnet operators to profit.
One of the distinguishing features of this crypto miner is its advanced mechanisms for avoiding detection. In particular, cybercriminals use a unique module for each individual victim. The attackers also devised a clever way for the miner to connect to the mining pool: not directly, but through proxies whose IP addresses are obtained from video descriptions posted on YouTube.
Moreover, CoinMiner.Stantinko can scan running processes on the victim's system to identify any antivirus programs. The miner module is designed to operate as stealthily as possible. For example, to avoid arousing suspicion, CoinMiner.Stantinko automatically stops its activity if the device is running on battery power.