
ElectrumDoSMiner

Posted: April 30, 2019

ElectrumDoSMiner is a botnet Trojan that uses your PC's hardware to launch DDoS attacks against victims who use the Electrum client. The Trojan's delivery methods include various Trojan droppers, downloaders, and Exploit Kits, the last of which may run through your browser. Keep anti-malware protection available for removing ElectrumDoSMiner installations, and watch for unusual network traffic and the other issues associated with similar threats.

Mining with a Flood for a Climax

The same threat actors who are responsible for compromising Electrum users' wallets en masse via a recently-publicized vulnerability are switching gears to a new attack: crashing Electrum servers with floods of traffic. Their weapon of choice is ElectrumDoSMiner, which, despite its name, doesn't mine cryptocurrency; instead, it takes over the PC to generate Distributed Denial-of-Service (DDoS) attacks, effectively 'spamming' the Electrum nodes with fake requests.

The ElectrumDoSMiner campaign emphasizes distribution throughout Southeast Asia, such as India, although malware researchers are confirming its presence worldwide, as far away as South America. The documented infection mechanisms all use intermediary threats, such as:

  • SmokeLoader is a Trojan downloader that can compromise your PC after you open a corrupted e-mail attachment or visit a hacked site with an unprotected browser.
  • The RIG Exploit Kit (EK) is a self-running package of drive-by-download exploits that relies mostly on already-patched vulnerabilities in outdated software such as JavaScript and Flash, although it also can incorporate 'zero-day' ones for which no patch exists.
  • The newest delivery method uses Trojan.BeamWinHTTP or Beam Loader, another Trojan downloader.

Since there are hundreds of variants of the executable that delivers ElectrumDoSMiner, other, undocumented infection vectors may be equally active.

Stopping ElectrumDoSMiner from Striking Out at Others

ElectrumDoSMiner operates on the same philosophy as other DDoS botnet-based Trojans, such as the Spike Botnet or the Linux-based Elknot. Most of its payload focuses on targeting victims elsewhere after hijacking the infected PC's hardware. While it generates unauthorized network activity and may cause slowdowns, hanging, or crashes, it does not intentionally produce symptoms the user would notice.
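The unauthorized network activity described above is the main thing a defender can look for. As an added example (not code from the page or from any vendor), the Python check below runs over constructed connection-log lines and flags a host that opens an abnormal number of connections to many distinct Electrum servers within a short window; the ports (ElectrumX defaults 50001/50002) and the thresholds are assumptions, not values from the page.

```python
from collections import defaultdict

# Assumption: Electrum servers listen on TCP 50001 (plain) and 50002 (TLS),
# the ElectrumX defaults. The page names no ports; adjust for your estate.
ELECTRUM_PORTS = {50001, 50002}
WINDOW_SECONDS = 60      # aggregation window per source host
RATE_THRESHOLD = 100     # connections per window that a wallet never needs
MIN_DISTINCT_DST = 5     # a bot sprays many servers; a wallet talks to one or two

# Constructed sample log, one connection per line: "epoch src_ip dst_ip dst_port".
# 10.0.0.5 behaves like the bot; 10.0.0.9 is a normal wallet user.
_BASE = 1556600040       # constructed epoch, aligned to a 60-second boundary
_bot_lines = [f"{_BASE + i % 30} 10.0.0.5 203.0.113.{10 + i % 20} 50002"
              for i in range(150)]
_user_lines = [f"{_BASE + 5} 10.0.0.9 203.0.113.10 50002",
               f"{_BASE + 30} 10.0.0.9 203.0.113.10 50002",
               f"{_BASE + 45} 10.0.0.9 198.51.100.7 443"]
SAMPLE_LOG = "\n".join(_bot_lines + _user_lines)


def parse_line(line):
    """Return (epoch, src, dst, port) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return int(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None


def find_flooders(log_text, window=WINDOW_SECONDS,
                  rate=RATE_THRESHOLD, min_dst=MIN_DISTINCT_DST):
    """Return {src_ip: (window_start, connections, distinct_dsts)} for sources
    whose Electrum-port connection volume in some window exceeds both thresholds."""
    buckets = defaultdict(lambda: [0, set()])   # (src, window_start) -> [count, dsts]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port = rec
        if port not in ELECTRUM_PORTS:
            continue                             # ignore unrelated traffic
        key = (src, ts - ts % window)
        buckets[key][0] += 1
        buckets[key][1].add(dst)
    flagged = {}
    for (src, start), (count, dsts) in buckets.items():
        if count >= rate and len(dsts) >= min_dst:
            prev = flagged.get(src)
            if prev is None or count > prev[1]:  # keep the busiest window per host
                flagged[src] = (start, count, len(dsts))
    return flagged


if __name__ == "__main__":
    for src, (start, count, ndst) in find_flooders(SAMPLE_LOG).items():
        print(f"{src}: {count} Electrum connections to {ndst} servers from {start}")
```

Feed it real flow or firewall logs in the same four-field shape; a legitimate wallet produces a handful of connections to one or two servers, so only the flooding host trips both thresholds.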

Disabling some browser features, such as Java, JavaScript, and Flash, or enabling them only for trusted domains, can help protect your Web-browsing experience from Exploit Kit attacks. Keeping your software updated also lowers the number of vulnerabilities available for exploitation. Most anti-malware products should cover these and other infection vectors and will remove ElectrumDoSMiner as soon as they detect it.

Most of the ElectrumDoSMiner botnet is a recent development, but it's growing at a rate of thousands of infections daily. Users of most versions of Windows may want to keep that in mind before clicking on an e-mail attachment or using 'admin' as their password of choice.
