Eset, a Slovakian software security startup, uncovered a fraudulent means of distributing a Monero (XMR) crypto mining module through YouTube. The firm reported that the cyber criminals behind the Stantinko botnet were taking advantage of the video content aggregation site to install crypto malware on victim devices.

Meanwhile, Eset also reported that the cyber criminals had expanded their cyber crime reach from social network fraud, password phishing, ad injection and click fraud into this unpopular, complex method of crypto-jacking.

Stantinko botnet has been active since at least 2012

The Stantinko botnet is alleged to have been active since 2012 and has mainly targeted internet users in Ukraine, Kazakhstan, Russia and Belarus. However, predominant populations of these countries could have their computers' CPUs covertly devoted to mining Monero without their knowledge. Meanwhile, the cryptojacking malware installs itself through modules distributed across several YouTube channels.

Eset reported that the crypto-jacking malware has infected approximately 500,000 devices. Additionally, the firm noted that the malware shares similarities with other malware such as Dexphot. Microsoft discovered Dexphot after it had already infected more than 80,000 personal computers.

The crypto-hijacking tools usually embed themselves in a computer system to steal processing resources, ultimately taking over control of legitimate system processes. Finally, they disguise their operation, with the ultimate aim of running crypto mining software on the infected devices.

After identifying the malware, Eset informed YouTube, which responded by taking down the channels that contained traces of the botnet.

Malware on Monero’s official website was stealing crypto

Separately, Monero’s core development team announced that the software download for Monero might have been tampered with to help steal cryptocurrencies. Shack, a professional investigator, confirmed that the software distributed after cybercriminals compromised the server was actually malicious:
“I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained the wallet. I downloaded the build yesterday around 6pm Pacific time.”