Introducing NoaBot, a formidable Mirai-based botnet that has been orchestrating a crypto mining campaign since the inception of 2023. Unveiled by Akamai security researcher Stiv Kupchik, this malicious entity showcases advanced features, including a wormable self-spreader and an SSH key backdoor, distinguishing it from its Mirai counterparts. The botnet, potentially linked to the Rust-based malware P2PInfect, utilizes an SSH scanner for lateral movement, employing dictionary attacks to exploit server vulnerabilities. NoaBot’s compilation with uClibc alters antivirus detection, presenting as an SSH scanner or a generic trojan rather than a typical Mirai signature. Notably, its deployment of a modified XMRig coin miner sets it apart, concealing crucial information such as the mining pool or wallet address, challenging security experts to assess the profitability of its illicit crypto mining activities. With 849 identified victim IP addresses across the globe, NoaBot’s strategic evolution underscores the adaptability of cyber threats in the ever-changing landscape of cybersecurity.