On January 8, security researchers said that a new Satori botnet variant was found hacking into Claymore mining rigs, replacing the device owner’s mining credentials with the attacker’s own. Analysis of the malware’s code suggested that the same person is behind this variant and the original Satori bot.
According to the report, the new Satori variant (detected as ELF_MIRAI.AUSV and ELF64_MIRAI.D) keeps the original's exploits but adds a new one that, unlike previous Satori payloads, does not target IoT and networking devices. The new variant scanned for port 3333 and deployed exploit code specific to Claymore cryptocurrency mining software. Moreover, the researchers said that Satori targets a vulnerability in the management interface of Claymore mining software that allows attackers to interact with the device without authenticating. The attacker then uses this access to replace the Claymore mining configuration with their own in order to mine Ethereum.
The perpetrator of the new Satori variant has reportedly made 1.0100710 ETH, or $980 in the past ten days from hijacked Claymore miners. Owners should review their mining configurations and make sure they’re running the most current version of the Claymore software.
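Two defender-side checks that follow from the report, written here as an added example rather than code from the researchers or Trend Micro: flag hosts outside the home LAN that reached the miner's management port (TCP/3333), and audit a Claymore-style config for a swapped wallet and a writable management port. The LAN range, flow records, wallets and config are constructed, and the -ewal/-mport flag names and their semantics are assumptions about Claymore's config.txt syntax.

```python
"""Defender checks for the Satori-on-Claymore scenario described above.

1. flag hosts outside the LAN that reached the miner's management port (TCP/3333);
2. audit a Claymore-style config for a swapped wallet and a writable management port.
Flag names (-ewal, -mport) follow Claymore's config.txt syntax as assumed here.
"""
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home network range

# Constructed flow records (src, dst, dst_port); not captured from a real network.
SAMPLE_FLOWS = [
    ("192.168.1.20", "192.168.1.50", 3333),  # owner's laptop: expected
    ("203.0.113.45", "192.168.1.50", 3333),  # internet host on TCP/3333: suspicious
    ("198.51.100.7", "192.168.1.50", 3333),  # second external scanner
    ("203.0.113.45", "192.168.1.50", 443),   # unrelated port, ignored
]

OWNER_WALLET = "0x1111111111111111111111111111111111111111"  # constructed placeholder

# Constructed config: wallet swapped for the attacker's and remote management left writable.
HIJACKED_CONFIG = """
-epool pool.example.net:4444
-ewal 0x2222222222222222222222222222222222222222
-eworker rig01
-mport 3333
"""


def external_mgmt_connections(flows, mgmt_port=3333, lan=LAN):
    """Return sorted source IPs outside `lan` that connected to `mgmt_port`."""
    return sorted({src for src, _dst, port in flows
                   if port == mgmt_port and ipaddress.ip_address(src) not in lan})


def audit_config(config_text, owner_wallet):
    """Return findings for a Claymore-style config; an empty list means clean."""
    findings = []
    wallet = re.search(r"^-ewal\s+(\S+)", config_text, re.M)
    if not wallet or wallet.group(1).lower() != owner_wallet.lower():
        findings.append("wallet changed: " + (wallet.group(1) if wallet else "<missing>"))
    # Assumed Claymore semantics: -mport 0 disables remote management, a negative
    # value makes it read-only, a positive value (or absent flag) leaves it writable.
    mport = re.search(r"^-mport\s+(-?\d+)", config_text, re.M)
    if mport is None or int(mport.group(1)) > 0:
        findings.append("remote management writable on port "
                        + (mport.group(1) if mport else "3333 (assumed default)"))
    return findings
```

Run the flow check against your router or firewall logs and the config audit against each rig's config.txt; a non-empty result from either is the signal to re-check the wallet and update Claymore.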
A vulnerable home network exposes devices and owners' privacy to risk. Users can prevent a botnet infection with these security best practices:
Opt for devices that go beyond functionality and ease of use and are also strong on security and privacy.
Change the device’s default settings and credentials to make them less prone to unauthorized access.
Update software and firmware to prevent vulnerability exploits.
Enable the router’s built-in firewall to add an extra layer of security.
Trend Micro Solutions
Trend Micro™ Security and Trend Micro Internet Security protect users from this threat, with security features that can detect malware at the endpoint level. Security solutions like Trend Micro™ Home Network Security can check internet traffic between the router and all connected devices to protect IoT devices. Enterprises can use Trend Micro™ Deep Discovery™ Inspector, which is a network appliance that monitors all ports and over 105 different network protocols to discover advanced threats and targeted attacks.