What potato PCs does it run on?

that botnet is mining XMR?

hyc, your own fork of xmrig-proxy has the same problem in daemon support implementation as current master: xmrig/xmrig-proxy #380

cohcho: You linked to your own PR.

I didn't notice when picked line in auto suggest, it's 377 now.

extra nonce?

is that an IoT botnet? looks like slow mode mining (or a very low worker count)

anyway, since I PR'd the daemon code to xmrig upstream, I haven't maintained any of my forks

should prob just delete them now

tevador: I think it's a botnet of routers

which would generally have pretty low resources

my old netgear router had a memleak, needed to be rebooted after a few GB of traffic. was capacity-dependent, not time.

yeah, routers will probably run at <10 H/s per device

is it Citrix exploit?

probably

then it's routers

or is it? Where is Citrix deployed?

Normal server?

Or clients.

30kH/s is nothing since on any.run you can find active botnet with ~300KH/s at moneroocean

not so impressive to post it on twitter

it is impressively low

a lot of effort for such little reward

Isn’t Citrix program virtualization? I think we use it at work. How can they only get 30kH/s if it runs on servers lol

tevador github.com/tevador/RandomX/blob/mas….md#432-group-e-register-conversion - I cross-checked with the reference code and it's not bits 0-2, 3-6 of the exponent

Exponent is bits 52-62 and top 7 bits (out of 11 bits) are changed in the code

so it's "2. Bits 8-10" and "3. Bits 4-7"

total miners 28540

I suppose this number can be manipulated easily.

probably. its the only thing we've got though

sech1: I guess it depends on how you number the bits, not sure why I did MSB first

MSB bits have the highest numbers