Receive all Bitcoinist bitcoin mining botnet hack forums jays in Telegram! Evidence filed by multiple internet security companies have shown that the Satori botnet, a system of IoT devices which number in the tens of thousands, has been trying to infiltrate Ethereum miners through a 3333 port exploit. This specific port has often been a way in which miners can remotely control their mining equipment, a common practice with many miners today. However, the remote access characteristic of this port makes it a perfect attack for malicious hackers looking to make a quick buck.
Security researchers from Netlab, have found that the scans for exposed 3333 ports started on 11th of May and have tied some of the activity to the aforementioned Satori botnet. Do you see port 3333 scan traffic going up? DM4JTtXFo3, I personally like yesterday’s TXT result more pic. When Netlab released this announcement on Twitter, not much was known about this rise in this malicious activity. The Claymore Dual miner, which mines Ethereum and Decred simultaneously, is one of the most popular pieces of mining software for retail and corporate miners alike. Although there are no clear numbers on the issue, it would be safe to assume that many Ethereum miners use Claymore as their mining software of choice. The heavy use of Claymore sadly means more targets for the malicious botnet attacks.
This system of attack can effectively move all mining profits from the miner’s wallet to the attacker’s until the miner notices and corrects the issue. The attack on these IP addresses allowed for the botnets to take control of GPON routers. Considering the evidence shown, it seems that these newly hacked routers were used to search for openings on computers running the Claymore miner, so the malicious hackers at the other end could mine Ethereum for themselves. The source of this scan is about 17k independent IP addresses, mainly from Uninet SA de CV, telmex.