Specialists from Cisco Talos have discovered the Prometei botnet, which used infected computer systems to mine Monero (XMR). The finding was reported on the company's blog.
Prometei is capable of disabling security controls, copying files, and disguising itself as other programs to set up illegal mining operations.
The specialists also observed attempts to steal administrator passwords.
Prometei has been operating since the beginning of spring. Since then, it has allegedly infected up to 5,000 computer systems.
The specialists believe that the botnet was created by a professional developer from Eastern Europe, but whoever is behind the attack could not be identified.
Covert mining of XMR on users' computers has become quite common. Recall that earlier the hacker group Blue Mockingbird hacked at least a thousand corporate servers to install a hidden Monero miner on them. You can read more in our article "1000 corporate servers mined Monero for hackers".