Botnet Trend Report 2019-8

August 31, 2020 | Adeline Zhang

The first nine months of 2019 saw a sharp rise in the market prices of cryptocurrencies, dominated by Bitcoin. Despite a fall in the fourth quarter, prices remained high. Meanwhile, cryptojacking malware became active as cryptocurrency prices rose.

Cryptojacking Malware in 2019

In 2019, cryptojacking malware usually attacked targets by means of exploits. EternalBlue and exploits targeting vulnerabilities in web frameworks were the ones cryptojackers used most frequently to compromise targets and spread. In addition, cracking weak passwords on Oracle, MySQL, and other databases was a common attack method.

In terms of target sectors, finance and telecom were the two favorites of cryptojacking malware. These sectors usually have a great number of high-performance servers and personal computers deployed to meet their business needs.

According to statistics, is the most frequently used mining pool address. Other infamous mining pools occupied a big share.

Most mining pools support Monero, an indirect indicator of the strong presence of Monero mining malware.

We located these mining pools using the IP addresses resolved from their domain names and found that they were mostly in North America and Europe, with only a small proportion in East Asia due to strict regulation and governance by the Chinese, Japanese, and South Korean governments.

To be continued.