Security researchers have discovered that the Smominru malware infected 90,000 machines worldwide during the month of August, with an infection rate of up to 4,700 computers per day.
In its post-infection phase, the malware steals victim credentials, installs a Trojan module and a cryptominer, and propagates inside the network, according to researchers from Guardicore, a data centre and cloud security company.
The botnet uses several methods to propagate, but primarily it infects a system in one of two ways — either by brute-forcing weak credentials for different Windows services, or more commonly by relying on the infamous EternalBlue exploit, cybersecurity firm Kaspersky said in a blog post last week.