Smominru Monero mining botnet making millions for operators
Recently, Proofpoint researchers have been tracking the massive Smominru botnet, the combined computing power of which has earned millions of dollars for its operators. With the help of abuse.ch and the ShadowServer Foundation, we conducted a sinkholing operation to determine the botnet size and location of the individual nodes. The botnet includes more than 526,000 infected Windows hosts, most of which we believe are servers. These nodes are distributed worldwide but we observed the highest numbers in Russia, India, and Taiwan.