Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

ElectrumDoSMiner botnet reached 152,000 hosts

Researchers at Malwarebytes are monitoring the evolution of the ElectrumDoSMiner DDoS botnet that reached 152,000 infected hosts. MalwareBytes researchers are closely monitoring attacks against users of the popular Electrum Bitcoin wallet, in particular, the evolution of the Electrum DDoS botnet. In mid-April, experts at MalwareBytes published a report warning of cyber attacks against users of […]

Researchers at Malwarebytes are monitoring the evolution of the ElectrumDoSMiner DDoS botnet that reached 152,000 infected hosts.

MalwareBytes researchers are closely monitoring attacks against users of the popular Electrum Bitcoin wallet, in particular, the evolution of the Electrum DDoS botnet.

In mid-April, experts at MalwareBytes published a report warning of cyber attacks against users of the popular Electrum Bitcoin wallet. According to the experts, crooks already netted over 771 Bitcoins, an amount equivalent to approximately $4 million USD at current exchange rates.

Since that analysis, cyber criminals have stolen other funds reaching USD $4.6 million, but the most concerning aspect of the story is that and the botnet they used continues to grow. On April 24, the botnet was composed of less than 100,000 bots, but the next day the number peaked at 152,000.

“Since our last blog, the amount of stolen funds has increased to USD $4.6 million, and the botnet that is flooding the Electrum infrastructure is rapidly growing.” reads the analysis published by MalwareBytes. “Case in point, on April 24, the number of infected machines in the botnet was just below 100,000 and the next day it reached its highest at 152,000, according to this online tracker. Since then, it has gone up and down and plateaued at around the 100,000 mark.”

The experts already monitored two malware campaigns respectively leveraging the RIG exploit kit and the Smoke Loader to deliver the ElectrumDoSMiner.

MalwareBytes also detected a previously undocumented tracked as Trojan.BeamWinHTTP that was used by crooks to deliver the ElectrumDoSMiner (transactionservices.exe).

The experts believe that there are many more infection vectors beyond the above loaders they discovered.

Most of the ElectrumDoSMiner infections were observed in Asia Pacific region (APAC), Brazil and Peru.

ElectrumDoSMiner

“The number of victims that are part of this botnet is constantly changing. We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DoS attacks.” continues the report. “Malwarebytes detects and removes ElectrumDoSMiner infections on more than 2,000 endpoints daily.”

Further technical details, including Indicators of Compromise (IoCs), are reported in the analysis published by MalwareBytes.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ElectrumDoSMiner, botnet)

[adrotate banner=”5″]

[adrotate banner=”13″]