Monero XMR Mining Group
Recommended Mining Software XMR-Stak Combined Miner (new. MineXMR.com - Monero mining pool v0.99 modded - thanks to the work of Matthew Little on. Topic: [XMR] Monero Mining (Read 251893 times) senne. Hero Member Offline Activity: 501. Re: [XMR] Monero Mining. January 10, 2017, 07:41:48 PM. Faucet for Monero that uses CoinHive Mining. The Mining Faucet. Some examples of uses for this could be if you and a group wanted to raise money. Last updated on December 4th, 2017 at 07:17 am Mining Monero: The Video Guide Similar to mining Zcash mining and Ethereum mining, Monero mining (aka XMR mining.
– Welcome to! Please read the following rules before posting. Rules • No 'FOR SALE' posts. Feel free to hawk your wares in or on - this means no group buys either. As common as it is in Bitcoin Mining, it is far too risky to be carried out over reddit. • No verbal abuse. If you don't have anything nice to say, it's best not to say anything at all.
Remember, we were all newbies once. Mining isn't exactly a trivial venture. • No Referral Links or Codes. No Amazon/eBay referral links. No mining pool referral links. No mining contract referral links. Top Monero XMR Mining Pools here. No referral links or codes, period.
• No Promoting New Altcoins. If there is a new alt coin out, this is not the place to discuss or promote it. If you have questions about mining that altcoin, feel free to ask as long as it is also somehow relevant to Monero. • No short-URLs. Nobody should have to trust you before clicking on a link. URL-shortener services serve no use on Reddit as there is nothing restricting the size of your comment string. • No begging.
Do not ask for other people to mine for your address. Do not beg for donations simply for lending a helping hand. • No shilling.
0-day/unverified accounts aren't allowed to promote anything. Guidelines • Anybody caught violating the rules will be banned. If you notice somebody abusing the subreddit rules,.
• All members of the MoneroMining subreddit are expected to read and follow the as well as the informal guidelines. • Likewise, all moderators of this subreddit follow the. • Now that all that is out of the way, we work hard to make this a welcoming, collaborative atmosphere. Feel free to ask questions, even if you think they are stupid.
We encourage you to. Related Subreddits & Forums Chats IRC: Other. It is a pleasure for us to announce the new release of xmr-stak 2.0.0. And me working the last few month to simplify mining and allow everyone to participate with their hardware. The most obvious change is that there is no longer need to download for AMD/NVIDIA and CPU independent miner.
You can mine on all architectures just from one pre- or self-compiled binary. During the first start you will be guided to configure the miner. XMR-Stak is now supporting Monero and Aeon without recompiling. Features • 10% boost to CPUs without hardware AES • Supports all common backends (CPU/x86, AMD-GPU and NVIDIA-GPU) • Supports all common OS (Linux, Windows and MacOS) • Supports algorithm cryptonight for Monero (XMR) and cryptonight-light (AEON) • Guided start (no need to edit a config file for the first start) • Automatic configuration for each mining backend • Allows to tweak each core or gpu by hand • Supports backup pools • TLS support • HTML statistics • JSON API for monitoring • Support the new stratum • Easy precompiled and portable Linux binary The miner is fully open source (GPLv3). This means each improvement can be reused by the community and you have always the possibility to verify the source code.
We are also raising funds for two new exciting projects to take Monero mining to a new level - see if you like them: • • • • •.
While the world is holding its breath, wondering where notorious cybercriminal groups like Lazarus or Telebots will strike next with another destructive malware such as WannaCryptor or Petya, there are many other, less aggressive, much stealthier and often very profitable operations going on. One such operation has been going on since at least May 2017, with attackers infecting unpatched Windows webservers with a malicious cryptocurrency miner. The goal: use the servers’ computing power to mine Monero (XMR), one of the newer cryptocurrency alternatives to Bitcoin.
To achieve this, attackers modified legitimate open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to covertly install the miner on unpatched servers. Over the course of three months, the crooks behind the campaign have created a botnet of several hundred infected servers and made over USD 63,000 worth of Monero. ESET customers are protected against any attempts to exploit the CVE-2017-7269 vulnerability, even if their machines aren’t patched against it, as was. Why mine Monero and not Bitcoin? While far behind Bitcoin in market capitalization, Monero has several features that make it a very attractive cryptocurrency to be mined by malware – untraceable transactions and a proof of work algorithm called CryptoNight, which favors computer or server CPUs and GPUs, in contrast to specialized mining hardware needed for Bitcoin mining.
We can observe the exchange rate jumping up from 40 USD/XMR up to 150 USD/XMR over the past month, falling back to 100 USD/XMR. Candlestick chart of the XMR/USD exchange rate in August, 2017 The Cryptominer First seen in-the-wild on 26 th May, 2017, the malicious mining software is a fork of a legitimate open source Monero CPU miner called, version 0.8.2 (also released May 26 2017). When creating the malicious mining software, the crooks did not apply any changes to the original open source codebase apart from adding hardcoded command line arguments of the attacker’s wallet address and the mining pool URL, plus a few arguments to kill all previously running instances of itself so as not to compete with its new instance. This couldn’t have taken the cybercrooks more than just couple of minutes as suggested by the fact that we saw it in-the-wild on the same day the base version of xmrig was released. You can see the attacker’s modified cryptominer and its identification with the available source code in the figures below. Code comparison between original and adapted versions Scanning and Exploitation The distribution of the miner to victims’ computers is the hardest part of this operation, but even here, the attackers went for the easiest approach. There are two IP addresses that we identified as the source of brute-force scans for the vulnerability and both point to servers in the Amazon Web Services cloud.
The vulnerability exploited by the attackers was discovered in March 2017. It is a vulnerability in the WebDAV service that is part of Microsoft IIS version 6.0, the webserver in Windows Server 2003 R2. A dangerous buffer overflow in the ScStoragePathFromUrl function is triggered when the vulnerable server is processing a malicious HTTP request. In particular, a specifically crafted PROPFIND request leads to a buffer overflow due to a reallocation of double sized buffer when the count of Unicode characters is mistakenly provided instead of a byte-count.
A very detailed analysis of the mechanism by Javier M. Mellid can be found. This vulnerability is especially susceptible to exploitation, since it’s located in a webserver service, which in most cases is meant to be visible from the internet and therefore can be easily accessed and exploited by anyone. The payload comes necessarily in the form of an alphanumeric string. The attackers replaced the string leading to the execution of the Windows calculator from the proof-of-concept with one leading to the download and execution of their malicious payload. However, this didn’t require much sophistication either, as there are online tools like that help to convert any shellcode into the desired string. The shellcode is the expected download-and-execute action (downloading dasHost.exe from hxxt://postgre[.]tk/ into the%TEMP% folder).
Graph of infection waves over time Scanning is always done from one IP address, which seems to be a machine hosted on an Amazon cloud server that the attacker had rented and deployed their scanning software, and continue to use it to launch their attacks. Mitigation ESET detects the malicious binaries of the miner as Win32/CoinMiner.AMW trojan and the exploitation attempts at the network layer under the detection name webDAV/ExplodingCan.
This is a real-world example of a packet that would be blocked. Specifically crafted HTTP request with an encoded shellcode and did not release any patch for this vulnerability until June 2017, when several critical vulnerabilities for its older systems were discovered and brought to the attention of malware authors. The good news is that despite the end-of-life status of the system, Microsoft decided to patch these critical vulnerabilities in order to avoid large-scale destructive attacks similar to the WannaCryptor (aka WannaCry) outbreak. However, keeping Windows Server 2003 up-to-date might be difficult due to the fact that automatic updates don’t always work smoothly (e.g.
By Clint Boessen confirms our own troubles with updating the system). Consequently, many of these systems are still vulnerable to this day. We strongly advise users of Windows Server 2003 to apply and other critical patches as soon as possible (if automatic updates fail then download and install the security update manually!). Statistics Thanks to the mining pool stats being publicly available, we were able to see the combined hash rate of all victims, which represents the computing power dedicated to the mining account. The value seemed to consistently reach around 100 kilohashes per second (kH/s), with a surge of up to 160 kH/s in late August 2017, which we attribute to campaigns launched on August 23 and 30.
Overall, the infected machines were making approximately XMR5.5 daily by the end of August and have made over XMR420 in total over the course of three months. According to the exchange rate of 150 USD/XMR at the time, these values were equal to USD 825 per day and over USD 63,000 in total, respectively. Earning Bytecoin BCN Mining more.
The attackers were very active at the end of August but have gone quiet since early this month with no new infections coming in. Moreover, because the miner has no persistence mechanism, the attackers have slowly begun losing already compromised machines, and the total hash rate has dropped all the way down to 60 kH/s at the time of writing. This is not the first time the attackers took such a break and it is likely a new campaign will be launched in the near future. The total number of victims is not known to us, but can be estimated from the total hash rate produced by the attacker. According to the, a high-end consumer Intel i7 processor has a hash rate of around 0.3-0.4 kH/s.
However, considering the fact that the exploit is limited to systems running Windows Server 2003, which will most likely be running on older hardware with weaker CPUs, the average hash rate per victim will be much lower and the total number of infected machines probably much higher. Figure6: Statistics of the attackers’ wallet provided by the mining pool Conclusion We see that minimal know-how together with very low operating costs and a low risk of getting caught – in this case, misusing legitimate open-source cryptocurrency mining software and targeting old systems likely to be left unpatched – can be sufficient for securing a relatively high outcome. Sometimes it takes very little to gain a lot, and this is especially true in today’s world of cybersecurity, where even well-documented, long-known and warned about vulnerabilities are still very effective due to the lack of awareness of many users. IoCs Download Site: hxxp://postgre.tk hxxp://ntpserver.tk Source IPs: 54.197.4.10 52.207.232.106 18.220.190.151 Hashes: 31721AE37835F792EE792D8324E307BA423277AE A0BC6EA2BFA1D3D895FE8E706737D490D5FE3987 37D4CC67351B2BD8067AB99973C4AFD7090DB1E9 0902181D1B94646A089B1BDF428262 0AB00045D0D403F2D8F88C09BA4FEE A32A91FB766BA221F9A2DE3C06D173 9FCBE99C3BA077F7CB40 52413AE19BBCDB9339D38A6F305E040FE83DEE1B If you are interested in this topic you might also be interested in the following: Author and, ESET.