Share this article
New Monero Botnet Looks Like Last Year's Outlaw Attack
A rogue botnet uses a brute force attack and Secure Shell (SSH) exploit to give the attackers remote access to victim’s systems in order to mine Monero.
By Daniel Kuhn
Updated Sep 13, 2021, 9:18 a.m. Published Jun 13, 2019, 8:00 p.m.
There’s another Monero mining botnet that’s targeting China. Or maybe it’s one we’ve seen before.
Bloggers steeped in the hacker-verse recently exposed a URL spreading a botnet that looks suspiciously like one unleashed by the Outlaw hacking group last year. The Outlaw outfit -- a name coined by its discoverers at Trend Micro, who translated “the Romanian word haiduc, the hacking tool the group primarily uses” -- is infamous for its previous release of a Perl-based shellbot that infiltrates through weaknesses in the Internet of Things.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
The new attack, uncovered by Trend Micro’s honeypot security systems, has been restricted to computers based in China so far. The malware is spread through a malicious URL which bundles in a Monero-mining script and a backdoor-based exploit.
Trend Micro estimates that hackers have used crypto-jacking to mine $250,000 per month in Monero.
The Outlaw botnet uses a brute force attack and Secure Shell (SSH) exploit to give the attackers remote access over victim’s systems. A more detailed report of Outlaw’s previous attack showed that once the attackers have access, the malware executes commands to download and install the cryptocurrency miner payload. Additionally, if the malware detects cryptocurrency miners already installed on the system, it will delete them to reduce competition for system resources.
The security experts also noted that the backdoor component is also capable of launching distributed denial-of-service attacks which would allow the cybercriminals to monetize their botnet not only through mining, but by offering DDoS-for-hire services.
However, because the scripts haven’t been activated, Trend Micro believes the hackers are still in the testing and development phase. They suggest the malware may be laying dormant until future editions of the botnet are released.
This comment lead TheNextWeb to speculate whether the botnet has mined any cryptocurrency or made any successful attacks yet.
Monero image via CoinDesk Archives
More For You
KuCoin captured a record share of centralised exchange volume in 2025, with more than $1.25tn traded as its volumes grew faster than the wider crypto market.
What to know:
- KuCoin recorded over $1.25 trillion in total trading volume in 2025, equivalent to an average of roughly $114 billion per month, marking its strongest year on record.
- This performance translated into an all-time high share of centralised exchange volume, as KuCoin’s activity expanded faster than aggregate CEX volumes, which slowed during periods of lower market volatility.
- Spot and derivatives volumes were evenly split, each exceeding $500 billion for the year, signalling broad-based usage rather than reliance on a single product line.
- Altcoins accounted for the majority of trading activity, reinforcing KuCoin’s role as a primary liquidity venue beyond BTC and ETH at a time when majors saw more muted turnover.
- Even as overall crypto volumes softened mid-year, KuCoin maintained elevated baseline activity, indicating structurally higher user engagement rather than short-lived volume spikes.
More For You
Internet Computer climbs back to $3 as short-term momentum improves
ICP pushed above the $3 level on rising activity, holding recent gains as traders reassess near-term direction.
What to know:
- ICP rose about 2.7% to roughly $3.00, reclaiming a closely watched psychological level.
- Trading activity increased during the move higher, accompanying the push through resistance near $2.95–$3.00.
- Price has since stabilized just above $3, keeping attention on whether the level can hold as near-term support.
Top Stories
