Newly Discovered Malware Uses NSA Exploit to Mine Monero, Over 500K PCs Infected

Smominru infected over 526,000 computers using an NSA exploit, The Hacker News reported yesterday, January 31st.

Software security researchers at the cybersecurity company Proofpoint have detected a new global botnet called Smominru, also known as Ismo, which uses the National Security Agency's (NSA) EternalBlue exploit to spread Monero mining malware. The EternalBlue exploit was leaked by the hackers known as the Shadow Brokers, who are also said to be behind the widespread WannaCry ransomware threat of 2017, according to The Hacker News.

Proofpoint reported that the Smominru botnet has been infecting computers since May 2017, mining approximately 24 Monero coins a day. To date, the botnet has managed to mine about 8,900 Monero, worth about $2.1 million at the time of publication. According to the researchers, the largest numbers of PCs infected with Smominru have been found in Russia, India and Taiwan.

According to Proofpoint, the cybercriminals are targeting a vulnerable version of Windows and are also using an NSA protocol exploit called EsteemAudit.

According to, the experts also notified the SharkTech DDoS protection service, where Smominru's command and control infrastructure was detected, but they did not get an answer.

As Cointelegraph reported on the 28th, a massive attack of Monero-mining malware delivered via online advertisements, mainly attributed to the controversial Coinhive cryptocurrency and advertising platform, has affected many users and online businesses around the world, including YouTube.