- The malicious actors are using an undocumented loader called ‘Trojan.BeamWinHTTP’ to download the ElectrumDoSMiner botnet.
- The new malware loader is being used to infect users in Brazil, Peru, and the Asia Pacific region.
The threat actors behind the DDoS attacks against Electrum Bitcoin wallet users have shifted to a new malware loader to launch a botnet named ElectrumDoSMiner. The botnet has been found compromising at least 152,000 machines to perform DDoS attacks.
What is the matter?
Researchers from Malwarebytes Labs have revealed that threat actors recently launched a series of Distributed Denial of Service (DDoS) attacks against Electrum developers, who are trying to protect their users.
What is the change?
The malicious actors are using an undocumented loader called ‘Trojan.BeamWinHTTP’ to download the ElectrumDoSMiner botnet and compromise machines. The botnet was previously distributed using the RIG exploit kit or Smoke Loader.
Experts have observed that the new malware loader is being used to infect users in the Asia Pacific region, Brazil, and Peru.
“The number of victims that are part of this botnet is constantly changing. We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DoS attacks. Malwarebytes detects and removes ElectrumDoSMiner infections on more than 2,000 endpoints daily,” researchers wrote in a blog post.
How much have the threat actors earned?
It is estimated that the attackers have stolen over $4.6 million since the attacks targeting Electrum’s infrastructure began.
Experts claim that such threats against users of the popular Electrum Bitcoin wallet will continue to expand until the vulnerabilities in Electrum wallets are patched. The attackers can exploit these vulnerabilities to trick unsuspecting users and steal millions of dollars.