In mid-April, experts at MalwareBytes published a report warning of cyber attacks against users of the popular Electrum
Since that analysis, cyber criminals have stolen other funds reaching USD $4.6 million, but the most concerning aspect of the story is that and the botnet they used continues to grow. On April 24, the botnet was composed of less than 100,000 bots, but the next day the number peaked at 152,000.
“Since our last blog, the amount of stolen funds has increased to USD $4.6 million, and the botnet that is flooding the Electrum infrastructure is rapidly growing.” reads the analysis published by MalwareBytes. “Case in point, on April 24, the
MalwareBytes also detected a previously undocumented tracked as Trojan.BeamWinHTTP that was used by crooks to deliver the ElectrumDoSMiner (transactionservices.exe).
The experts believe that there are many more infection vectors beyond the above loaders they discovered.
Most of the ElectrumDoSMiner infections were observed in Asia Pacific region (APAC), Brazil and Peru.
“The number of victims that are part of this botnet is constantly changing. We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DoS attacks.” continues the report. “Malwarebytes detects and removes ElectrumDoSMiner infections on more than 2,000 endpoints daily.”
Further technical details, including Indicators of Compromise (IoCs), are reported in the analysis published by MalwareBytes.