Satori: the new malware family that affects cryptocurrencies


Satori is the name of a malware family. You may have heard of the better-known Mirai, of which Satori is a variant. It targets smart TVs, IP cameras, routers... basically anything that is online. Its purpose is to turn these connected devices into small but powerful botnet soldiers. Recently, a group of Chinese researchers found that a modified version of Satori infects computers that mine cryptocurrencies.

How does Satori work?

This Satori variant takes control of the mining software Claymore Miner (which mines Ethereum). One thing is not clear yet: how? The method the malware uses to gain control of the software is still unknown. All we know right now is that Satori is able to change the miner's configuration through port 3333, and that this port requires no authentication when the software runs with its default settings. What happens next? Once the malware controls the software, the owner of the computer finds his wallet address replaced with another address controlled by the attacker. Obviously, in this situation the owner of the PC gets no benefit from the mining. It is now clear how the attacker can collect all the coins produced by the mining. Through all of this, the owner knows nothing until he manually checks the configuration of his software.
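The only indicator the article gives a miner operator is the payout address in the miner's own configuration, so a periodic check of that configuration is the practical detection. The script below is an added example and is not code from the article, from Swascan or from the Claymore project. It assumes a Claymore-style `config.txt` with one option per line and the option names `-ewal` (payout address), `-mport` (remote management port, default 3333, 0 = disabled, negative = statistics only) and `-mpsw` (management password); the sample configuration and both wallet addresses are constructed placeholders.

```python
import re

# Constructed sample in the style of a Claymore config.txt (one option per line).
# The values are made up for this example and are not taken from the article.
SAMPLE_CONFIG = """\
-epool eth-eu1.example-pool.invalid:9999
-ewal 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
-epsw x
-mport 3333
"""

# The owner's known-good payout address (constructed placeholder).
EXPECTED_WALLET = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"

# An Ethereum address is 0x followed by exactly 40 hex digits.
ETH_ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def parse_flags(text):
    """Parse '-flag value' lines into a dict; a repeated flag keeps its last value."""
    flags = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        flags[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return flags


def audit_config(text, expected_wallet):
    """Return a list of findings; an empty list means the config matches expectations."""
    flags = parse_flags(text)
    findings = []

    # 1. Payout address: this is the value the article says Satori swaps
    #    for an address controlled by the attacker.
    wallet = flags.get("-ewal")
    if wallet is None:
        findings.append("no -ewal payout address configured")
    else:
        # Assumption: some pools accept 'address.worker' or 'address/worker',
        # so only the address part is compared.
        address = re.split(r"[./]", wallet, maxsplit=1)[0]
        if not ETH_ADDR_RE.match(address):
            findings.append(f"-ewal is not a well-formed Ethereum address: {wallet}")
        elif address.lower() != expected_wallet.lower():
            findings.append(
                f"payout address changed: expected {expected_wallet}, found {address}"
            )

    # 2. Remote management port. Assumed Claymore semantics: -mport defaults
    #    to 3333, 0 disables it, a negative value allows statistics only, and
    #    -mpsw protects the interface with a password. A positive port with
    #    no password is the unauthenticated default the article describes.
    mport_raw = flags.get("-mport", "3333")
    try:
        mport = int(mport_raw)
    except ValueError:
        findings.append(f"-mport has a non-numeric value: {mport_raw}")
        mport = 0
    if mport > 0 and "-mpsw" not in flags:
        findings.append(
            f"remote management enabled on port {mport} without a -mpsw password"
        )

    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG, EXPECTED_WALLET):
        print("ALERT:", finding)
```

Run it from a scheduled task against the real `config.txt` with the owner's address in `EXPECTED_WALLET`; a non-empty result is the moment the article says the owner would otherwise only notice by manual inspection. Setting `-mport` to 0 or a negative value, or adding `-mpsw`, clears the second finding.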


Satori: the scenario

There are no clear boundaries yet: the spread of this Satori infection is still unknown. The only indication available is the generic information about the hash rate data of the mining pool address, and this information constantly changes. This could be the starting point of a new trend in cyber threats: someone could be inspired by this new way of attacking and start bigger campaigns similar to this one. These are hard times in terms of cyber attacks; just look at the Meltdown and Spectre situation, Petya... Ransomware was one of the most recurring words of last year.

Satori and cyber threats: better be prepared

To give your business the best tools available, Swascan developed a dedicated cybersecurity platform. It is fully cloud-based, pay-per-use and SaaS. You can see for yourself in our brochure, Cybersecurity platform, and have an in-depth look at our services. Our four services cover all the governance needs in terms of risk management and periodic assessment. Basically, if you need to understand the areas on which your efforts must focus, GDPR Self-Assessment, Vulnerability Assessment, Network Scan and Code Review are the right tools for you. Last but not least, don't forget GDPR: our platform is 100% GDPR compliant (GDPR infographic).
