A new cryptojacking botnet is spreading across compromised networks via multiple methods that include the EternalBlue exploit for Windows Server Message Block (SMB) communication protocol. The attacker s goal is to mine for Monero (XMR) cryptocurrency and enslave as many systems as possible for this task for increased profit. Researchers at Cisco Talos named the new botnet Prometei and determined that the actor has been active since March. In four months, they earned the threat actor less than $5,000, or an average of $1,250 a month.
Source: https://www.bleepingcomputer.com/news/security/new-cryptojacking-botnet-uses-smb-exploit-to-spread-to-windows-systems/