International antivirus company ESET reported that hundreds of thousands of users in Russia, Belarus, Ukraine and Kazakhstan became victims of the Miner Virus. Specialists could not find a special module for cryptocurrency mining for years.
According to the company ESET, the mining module is distributed by the Stantinko botnet. This is a complex threat, active at least since 2012. The botnet has self-defense mechanisms that allow operators to remain undetected.
Stantinko is most often distributed through torrents and can disguise itself as pirated software. Previously, it was used for advertising fraud schemes: security experts said that over the past five years, the botnet infected more than 500 thousand computers in Russia (46%) and Ukraine (33%).
According to ESET, the crypto mining module is CoinMiner. Stantinko is carefully compiled for the new victim, so it is difficult to detect on the device. It is also able to contact with the mining pool through a proxy, the IP addresses of which are in the description of the videos on YouTube.