00:41:44 <hyc> News Flash: someone is using supercomputers to mine monero randomX !!!#!!11
09:28:02 <sech1> https://twitter.com/BitTubeApp/status/1207730558161190912
10:24:22 <cohcho> https://twitter.com/Tzip0rit0/status/1207803569165832194
10:24:37 <cohcho> from there ^: "I feel left out since I don’t have a botnet for all this RandomX business. Who really benefits here?"
10:41:03 <cohcho> real example of randomx malware: https://twitter.com/JosephCoscia/status/1207587736267501570
10:42:22 <cohcho> "C:\ProgramData\WindowsTask\AMD.exe -o stratum+tcp://185.204.3.125:3333 -u AMD --donate-level=1 -k" from http://taskhostw.com/randomx/configAMDX.html
10:42:37 <cohcho> Ha,  botnets donates to miner developer
10:58:08 <cohcho> I've checked all miner configs from that taskhostw.com, here is the summary: cn/gpu(ryo), cn/r(sumokoin) and rx/0 (monero)
11:14:25 <wow-discord> <sech1> Botnet mining GPU coin, haha 😄
11:14:42 <wow-discord> <sech1> Who told us all the time that GPU algo is botnet free?
11:16:19 <cohcho> I've checked all stratum urls with real miner and according to seed_hash it was 100% monero, and according to height sumokoin and ryo accordingly.
11:18:24 <cohcho> It's interesting to check what randomx miner is being used, xmrig or not.
11:22:41 <tevador> if it has CN/R then antivirus can already detect it without randomx sniffer
11:27:41 <wow-discord> <sech1> Judging by command line, it's stock XMRig binary (but renamed)
11:28:41 <cohcho> It looks familiar for me too, but I need better proof.
11:31:13 <tevador> they probably use stock XMRig because they can download directly from github
11:31:30 <tevador> without a risk of getting blocked
11:32:11 <cohcho> that tweet has link to visualization of winapi calls of that binary, it has builtin miner withoun external downloading, you can check by yourself
11:33:52 <tevador> then I have no other explanation why they would use stock XMRig apart from laziness
11:35:48 <cohcho> I don't beleive that botnet operators are lazy people, It should very competitive market.
11:36:01 <cohcho> "survival of the fittest..."
11:37:36 <tevador> there is also low effort malware
11:37:41 <cohcho> s/It should/It must/
11:37:44 <tevador> you can find links weekly on bitcointalk
11:38:19 <cohcho> Do you mean phishing with fake miners like sech1 posted some time ago?
11:38:26 <tevador> yes
11:38:54 <cohcho> There is no data about cost and value per customer for this way of initial intjection.
11:39:57 <cohcho> I beleive total audience is too small.