Affecting Windows machines across the globe, Smominru has been labeled as one of the most rapidly spreading botnet malware, as per a report by data center and cloud security company, Guardicore Labs. The infection rate of this computer malware has been detected to be up to 47,000 machines per day and in the month of August alone, it compromised almost 90,000 computers, according to the report.
While attacking, Smominru compromises Windows PCs by using the NSA exploit, EternalBlue and brute-force on various services like RDP, TELNET, MS-SQL, and others. The malware is configured to steal the target's credentials and then install a cryptominer and Trojan module to compromise the network. After establishing a foothold, the malware moves laterally to affect as many systems as it potentially can inside the targeted organization.
Reportedly, the US, Russia, China, Taiwan, and Brazil witnessed the maximum number of attacks, however, other countries remain equally vulnerable to the computer malware which saw an upsurge in recent times. To exemplify, we can look at the largest network targeted and hence compromised by Smominru, which was a healthcare provider in Italy, it left a total of 65 hosts affected.
The unspecified and non-targeted nature of the attacks was notable as the compromised networks ranged from medical firms to higher-education institutions, the victims infected by the malware included cybersecurity companies as well.
It has been discovered that around 85% of the attacks are carried out on Windows 7 and Windows Server 2008 systems, while, some others are observed to be taking place on Windows XP, Windows Server 2012, and Windows Server 2003.
Seemingly, the failure of company administrators to timely patch their computer networks and servers is one of the primary reasons for the networks being compromised, although for a lot of organizations, the inability is a result of logistical scarcity, for others, it's simply due to negligence and not being regularly updated with the requirements of the sector.