Stantinko Botnets, The Latest Crypto Jacking Threat

Tarulika  |  Mar 20, 2020

A recent blog post by Vladislav Hrcka, a malware analyst at the cybersecurity firm ESET, describes the techniques the infamous Stantinko botnet uses to evade detection and the countermeasures that can be taken against it.

Stantinko Botnets A Challenge For Cybersecurity Experts

Cybercriminals are always trying to siphon funds from unsuspecting investors in the crypto markets. But as bitcoin's popularity grows globally, researchers and analysts are uncovering the methods used in these crimes and publishing cybersecurity guidance.

Botnet attacks, in which a cluster of internet-connected devices is infected with malware that lets the attackers control them, are terrorising the crypto space. One such infamous crypto-mining botnet is Stantinko, which is heavily involved in malicious activity and employs ingenious methods to evade detection.

ESET Firm Sheds Light on Methods Utilised By Botnets

Vladislav Hrcka, the malware analyst from ESET (a cybersecurity firm), explained the techniques used by the criminals behind the Stantinko botnet. He explained that the botnet, active since 2012 and comprising almost half a million bots, mainly targets users in Russia, Ukraine, Belarus and Kazakhstan via malware embedded in pirated content. Initially it was involved in click fraud, ad injection, social network fraud and password-stealing attacks. But in 2018 it added crypto mining to its arsenal with a Monero mining module.

The blog post explains the module the botnet uses to evade detection, which makes it hard for security tools and analysts to spot it. One of its components can detect security software and is able to shut down any competing crypto-mining operations.

The component quietly ends the mining process, and can thus avoid detection at the moment the user opens Task Manager to find out why the system has slowed down. To stay anonymous, the cybercriminals route traffic through proxies, using IP addresses taken from the description text of a YouTube video.
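The "stop mining when Task Manager opens" behaviour described above leaves a trace in process telemetry: some process exits within seconds of taskmgr.exe starting, and it does so repeatedly. The following detector is an added example, not code from the ESET post; it correlates process-start and process-exit events over constructed sample records in a simplified Sysmon-like CSV format (the file layout, image paths and timestamps are all assumptions made for this example).

```python
"""Flag processes that exit shortly after Task Manager is launched.

Added example (not from the ESET post). Input is a constructed,
simplified process-event log: timestamp, event (start|exit), pid, image.
"""
import csv
from datetime import datetime
from io import StringIO

# Constructed sample telemetry, not real Stantinko data. The second
# process repeatedly exits a second or two after Taskmgr.exe starts.
SAMPLE_EVENTS = """\
timestamp,event,pid,image
2020-03-20T10:00:00,start,4120,C:\\Users\\alice\\AppData\\Roaming\\svchost32.exe
2020-03-20T10:05:12,start,5001,C:\\Windows\\System32\\Taskmgr.exe
2020-03-20T10:05:13,exit,4120,C:\\Users\\alice\\AppData\\Roaming\\svchost32.exe
2020-03-20T10:05:40,exit,5001,C:\\Windows\\System32\\Taskmgr.exe
2020-03-20T10:06:00,start,4300,C:\\Users\\alice\\AppData\\Roaming\\svchost32.exe
2020-03-20T10:30:00,start,6100,C:\\Program Files\\Editor\\editor.exe
2020-03-20T10:31:00,exit,6100,C:\\Program Files\\Editor\\editor.exe
2020-03-20T11:00:00,start,5002,C:\\Windows\\System32\\Taskmgr.exe
2020-03-20T11:00:02,exit,4300,C:\\Users\\alice\\AppData\\Roaming\\svchost32.exe
2020-03-20T11:00:30,exit,5002,C:\\Windows\\System32\\Taskmgr.exe
"""

TASK_MANAGER = "taskmgr.exe"


def parse_events(text):
    """Parse the CSV log into dicts sorted by timestamp."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        rows.append({
            "ts": datetime.fromisoformat(row["timestamp"]),
            "event": row["event"],
            "pid": int(row["pid"]),
            "image": row["image"],
        })
    rows.sort(key=lambda r: r["ts"])
    return rows


def _basename(path):
    """File name component of a Windows or POSIX path, lower-cased."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_taskmgr_evaders(events, window_seconds=5, min_hits=2):
    """Return {image: [exit timestamps]} for every image that exited
    within window_seconds after a Task Manager start at least min_hits
    times. The threshold exists because a single coincidence (a user
    closing an app and then opening Task Manager) is not suspicious."""
    tm_starts = [e["ts"] for e in events
                 if e["event"] == "start" and _basename(e["image"]) == TASK_MANAGER]
    hits = {}
    for e in events:
        if e["event"] != "exit" or _basename(e["image"]) == TASK_MANAGER:
            continue
        if any(0 <= (e["ts"] - t).total_seconds() <= window_seconds for t in tm_starts):
            hits.setdefault(e["image"], []).append(e["ts"])
    return {img: ts for img, ts in hits.items() if len(ts) >= min_hits}


if __name__ == "__main__":
    for image, exits in find_taskmgr_evaders(parse_events(SAMPLE_EVENTS)).items():
        print(f"{image}: exited {len(exits)}x right after Task Manager started")
```

On the sample data only the svchost32.exe process is flagged; the editor that closed at 10:31 is not, because its exit is nowhere near a Task Manager launch. The same correlation can be expressed as a query over real Sysmon event IDs 1 and 5 in a SIEM, and pairing it with a "this image reappears minutes later" rule catches the reinstall behaviour mentioned later in the article.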

Hrcka noted in his earlier blog post that the most striking feature of the module is its obfuscation: meaningful strings are constructed and present in memory only at the moment they are about to be used. This keeps them out of sight of detection. Each sample of the module is unique because of the randomness built into the source-level obfuscation, which makes it harder to identify the cybercriminals and their methods.

Deobfuscation Can Avoid The Attacks

According to ESET, the infection is hard to get rid of because each component can reinstall itself. If the user completely removes the plugins installed through the botnet, the problem can be eliminated.

On the technical front, the threat can be countered by deobfuscation: rewriting the code at the binary level so that the obfuscated code becomes readable to a reverse engineer, using techniques such as assembly manipulation and symbolic execution. Cybersecurity is about methods and practices, not only products, so system administrators should build their security strategy around the specific problems on their own network.
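The two points above, strings that exist in memory only when they are about to be used, and deobfuscation by manipulating the assembly to make them readable again, can be shown together on one small pattern. The script below is an added example, not code from the ESET post and not a reconstruction of Stantinko's actual scheme: it emulates a simplified construction where each byte is an immediate XORed with a constant key and stored to a stack slot in arbitrary order, then reassembles the bytes by address. The disassembly listing, the key 0x5a and the recovered word are all constructed for this example; tools such as FLOSS perform this kind of recovery generally.

```python
"""Recover a stack-built string from a disassembly listing.

Added example, not from the ESET post or any Stantinko sample. It
emulates byte-at-a-time XOR-and-store construction and reassembles the
stored bytes in memory order. Listing and key are constructed.
"""
import re

# Constructed x86-64 listing (Intel syntax). The stores are deliberately
# out of order so that nothing readable appears in the instruction stream.
LISTING = """\
0x401000: mov al, 0x29
0x401002: xor al, 0x5a
0x401004: mov byte ptr [rbp-0x1e], al
0x401007: mov al, 0x0e
0x401009: xor al, 0x5a
0x40100b: mov byte ptr [rbp-0x20], al
0x40100e: mov al, 0x3b
0x401010: xor al, 0x5a
0x401012: mov byte ptr [rbp-0x1f], al
0x401015: mov al, 0x31
0x401017: xor al, 0x5a
0x401019: mov byte ptr [rbp-0x1d], al
0x40101c: mov al, 0x37
0x40101e: xor al, 0x5a
0x401020: mov byte ptr [rbp-0x1c], al
0x401023: mov al, 0x3d
0x401025: xor al, 0x5a
0x401027: mov byte ptr [rbp-0x1b], al
0x40102a: mov al, 0x28
0x40102c: xor al, 0x5a
0x40102e: mov byte ptr [rbp-0x1a], al
0x401031: mov byte ptr [rbp-0x19], 0x0   ; NUL terminator
0x401035: mov byte ptr [rbp-0x8], 0x1    ; unrelated loop counter, ignored
"""

IMM = r"(0x[0-9a-f]+|\d+)"
MOV_IMM = re.compile(r"mov\s+(\w+),\s*" + IMM + r"$")
XOR_IMM = re.compile(r"xor\s+(\w+),\s*" + IMM + r"$")
STORE = re.compile(r"mov\s+byte ptr \[rbp-(0x[0-9a-f]+)\],\s*(\w+)$")
MIN_LEN = 4


def _strip(line):
    """Drop the address prefix and any ';' comment, normalise case."""
    body = line.split(":", 1)[1] if ":" in line else line
    return body.split(";", 1)[0].strip().lower()


def emulate_stores(listing):
    """Return {address: byte} for every byte stored into the stack frame.
    Addresses are negative rbp offsets, so sorting gives memory order."""
    regs, stack = {}, {}
    for raw in listing.splitlines():
        line = _strip(raw)
        m = STORE.match(line)
        if m:
            src = m.group(2)
            if re.fullmatch(IMM, src):
                val = int(src, 0)
            elif src in regs:
                val = regs[src]
            else:
                continue  # register with unknown contents; skip the store
            stack[-int(m.group(1), 16)] = val & 0xFF
            continue
        m = MOV_IMM.match(line)
        if m:
            regs[m.group(1)] = int(m.group(2), 0) & 0xFF
            continue
        m = XOR_IMM.match(line)
        if m and m.group(1) in regs:
            regs[m.group(1)] ^= int(m.group(2), 0) & 0xFF
    return stack


def extract_strings(stack, min_len=MIN_LEN):
    """Walk the stored bytes in address order and collect printable runs
    that are contiguous in memory; a NUL, a gap or a non-printable byte
    ends the current run."""
    found, run, prev = [], [], None

    def flush():
        if len(run) >= min_len:
            found.append(bytes(run).decode("ascii"))
        run.clear()

    for addr in sorted(stack):
        byte = stack[addr]
        if prev is not None and addr != prev + 1:
            flush()
        if 0x20 <= byte < 0x7F:
            run.append(byte)
        else:
            flush()
        prev = addr
    flush()
    return found


def recover_stack_strings(listing):
    return extract_strings(emulate_stores(listing))


if __name__ == "__main__":
    print(recover_stack_strings(LISTING))
```

Running it recovers the single word "Taskmgr" even though that sequence of bytes never appears in the listing. Real samples use randomised patterns and loops rather than this fixed shape, which is why the article points to symbolic execution: it follows the actual data flow instead of matching one instruction template.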
