Ethereum mining rigs are being targeted by the Satori botnet. Plenty of mining rigs have been targeted by botnets in the past as well.
The botnet exploits a Huawei vulnerability to enslave computers. This exploit was originally used by the Mirai IoT botnet. Mirai was able to enslave millions of devices using the devices' default credentials. Its successor, Satori, targeted Realtek SDK-based devices and also used the exploit used by Mirai to enslave hundreds of thousands of devices.
Security teams were able to neutralize and take down the server in December last year, but a new variant seems to be on the loose. The variant is linked to its predecessor by its similar scanning capability and code.
Currently, the botnet is targeting Ethereum mining rigs. The latest variant is known as Satori.Coin.Robber and was spotted on 8th January this year. Its modus operandi is to scan for management port 3333 in order to find mining rigs. The botnet then replaces the wallet address in the Claymore Miner software with its own. The payout therefore goes to the botnet, and the hijacked rigs give it a satisfactory hash rate as well.
Once the botnet has taken over a mining rig, 3 payloads are initiated. The 1st gathers information about the mining taking place on the rig, the 2nd replaces the wallet address, and the 3rd reboots the host with the new address. This ensures that the Ethereum cryptocurrency being mined is diverted to the new wallet.
This problem pertains only to the Claymore mining software, so it is important for users of that software to always check the wallet in which the cryptocurrency is being collected. It is also important for them to monitor their mining rigs continuously to ensure that there has been no hacking attempt by the botnet. Even a temporary disruption by the botnet can lead to a significant loss. For this reason, mining rig users need to stay alert when mining Ethereum. Since this attack has already been witnessed in the New Year, you can be sure that the botnet is spreading to exploit more and more Ethereum mining rigs.
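The wallet check and port monitoring recommended above, as an added example (not code from the original article or from the Claymore project). It assumes the rig sets its payout address with Claymore's `-ewal` option in text files such as `config.txt` or a launch script; the wallet addresses, pool name and file contents are constructed samples.

```python
import re
import socket

EWAL_RE = re.compile(r"-ewal\s+(\S+)")       # payout wallet option
ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")   # Ethereum address

def wallets_in(text):
    """Return every wallet set via -ewal, lower-cased, worker suffix removed."""
    found = []
    for value in EWAL_RE.findall(text):
        m = ADDR_RE.match(value)
        # Fall back to the raw value (minus worker name) for non-address logins.
        found.append((m.group(0) if m else re.split(r"[/.]", value)[0]).lower())
    return found

def audit_wallet(files, expected):
    """files: {name: text}. Return (name, wallet) for each wallet that is not ours."""
    expected = expected.lower()
    findings = []
    for name, text in files.items():
        findings.extend((name, w) for w in wallets_in(text) if w != expected)
    return findings

def port_open(host, port=3333, timeout=2.0):
    """True if the management port accepts a TCP connection from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample data: addresses, pool and file contents are made up.
OURS = "0x" + "1a" * 20
OTHER = "0x" + "9f" * 20
SAMPLE = {
    "config.txt": f"-epool pool.example:8008 -ewal {OURS}/rig01 -epsw x",
    "reboot.bat": f"EthDcrMiner64.exe -epool pool.example:8008 -ewal {OTHER} -epsw x",
}

if __name__ == "__main__":
    for name, wallet in audit_wallet(SAMPLE, OURS):
        print(f"ALERT {name}: unexpected wallet {wallet}")
    print("port 3333 reachable on 127.0.0.1:", port_open("127.0.0.1"))
```

Run `port_open` against your own rig's address from a machine outside the rig's network segment: a `True` result means the management port is reachable from there.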