Bitcoin mining botnets returned

Kaspersky Lab's Anti-Malware research team has identified two botnets made up of computers "infected" with malware that secretly installs miners: legitimate software used to mine virtual currencies based on blockchain technology.

In one case the researchers were able to calculate that a botnet of 4,000 computers can earn its owners up to $30,000 a month, and in another case they witnessed a jackpot exceeding $200,000 from a botnet of 5,000 computers.

The architecture of Bitcoin and other cryptocurrencies means that, in addition to buying cryptocurrency, a user can create a new currency unit (or coin) using the computational power of computers running specialized mining software. At the same time, according to the idea behind cryptocurrencies, the more coins are produced, the more time and computational power are needed to create a new coin.

A few years ago, malware that secretly installed Bitcoin miners (which use victims' computers to mine coins for digital criminals) was common in the threat landscape. But the more Bitcoins were mined, the harder it became to mine new ones, and in some cases the method was no longer worthwhile: the potential financial benefit a criminal could get from a Bitcoin mining attempt did not cover the investment required to create and distribute the malware and to support the infrastructure behind it.

However, the price of Bitcoin, the first and most popular cryptocurrency, which has soared in recent years from hundreds to thousands of dollars per coin, triggered a real "cryptocurrency fever" across the world. Hundreds of enthusiastic teams and startups have begun to present their own Bitcoin alternatives, many of which have also gained significant market value over a relatively short period of time.

These changes in the cryptocurrency market have inevitably caught the attention of digital criminals, who are now turning to fraud schemes that manage to quietly install cryptocurrency mining software on thousands of computers.

Based on recent research done by Kaspersky Lab specialists, criminals behind newly discovered botnets distribute mining software with adware programs, and their victims install it voluntarily.

Once the adware program is installed on the victim's computer, it downloads a malicious tool: the miner installer. This tool installs the miner and then takes several steps to ensure that the miner keeps working for as long as possible. These steps include:

  • Trying to disable the security software.
  • Monitoring all launched applications and suspending its own activity if a program that monitors system activity or running processes is started.
  • Ensuring the presence of a copy of the mining software on the hard disk and restoring it if it is deleted.
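
The last two behaviours in this list leave traces a defender can hunt for in endpoint telemetry. The sketch below is an added example, not Kaspersky Lab's detection logic; the event schema, the 10-second window, the list of monitoring tools and all sample paths and process names are constructed assumptions.

```python
from collections import defaultdict

# Assumed set of tools a user opens to inspect running processes.
MONITOR_TOOLS = {"taskmgr.exe", "procexp.exe", "perfmon.exe"}
WINDOW = 10  # assumed max seconds between trigger and reaction

# Constructed sample telemetry, sorted by time: (time_s, event, process, target)
EVENTS = [
    (100, "file_delete",  "explorer.exe", r"C:\ProgramData\upd\miner.exe"),
    (103, "file_create",  "helper.exe",   r"C:\ProgramData\upd\miner.exe"),
    (200, "proc_start",   "taskmgr.exe",  ""),
    (202, "proc_suspend", "miner.exe",    ""),
    (260, "proc_exit",    "taskmgr.exe",  ""),
    (263, "proc_resume",  "miner.exe",    ""),
    (300, "file_delete",  "setup.exe",    r"C:\Temp\a.tmp"),
    (400, "proc_start",   "procexp.exe",  ""),
    (404, "proc_suspend", "miner.exe",    ""),
    (500, "proc_start",   "taskmgr.exe",  ""),
    (900, "proc_suspend", "backup.exe",   ""),
]

def restored_files(events, window=WINDOW):
    """Paths re-created shortly after deletion, with the restoring process."""
    deleted, hits = {}, []
    for t, kind, proc, path in events:
        if kind == "file_delete":
            deleted[path] = t
        elif (kind == "file_create" and path in deleted
              and t - deleted[path] <= window):
            hits.append((path, proc))
    return hits

def hides_from_monitors(events, window=WINDOW, min_hits=2):
    """Processes that repeatedly suspend right after a monitoring tool starts."""
    last_monitor, counts = None, defaultdict(int)
    for t, kind, proc, _ in events:
        if kind == "proc_start" and proc.lower() in MONITOR_TOOLS:
            last_monitor = t
        elif (kind == "proc_suspend" and last_monitor is not None
              and t - last_monitor <= window):
            counts[proc] += 1
    # One coincidence proves little; require the pattern to repeat.
    return sorted(p for p, n in counts.items() if n >= min_hits)

if __name__ == "__main__":
    print("restored after delete:", restored_files(EVENTS))
    print("suspends when watched:", hides_from_monitors(EVENTS))
```

Either signal alone can have benign causes (an updater re-creating a file, for instance), so the two are best correlated on the same host before raising an alert.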

When the first coins are mined, they are transferred to wallets belonging to the criminals, leaving the victims with an unexpectedly underperforming computer and slightly higher electricity bills than usual. According to Kaspersky Lab's observations, the criminals are trying to mine two cryptocurrencies: Zcash and Monero. These particular currencies were probably chosen because they provide a reliable way to keep transactions and wallet holders anonymous.

The first signs of the return of malicious miners were identified by Kaspersky Lab in December 2016, when a company researcher reported that at least 1,000 computers were "infected" with malicious software that mined Zcash, a cryptocurrency that was introduced at the end of October 2016.

During this period, thanks to the rapidly growing Zcash price, this botnet could bring its owners up to $6,000 a week. At that time, new mining botnets were predicted, and the results of the recent research prove that this prediction was correct.

"The biggest problem with malicious miners is that it is really hard to reliably detect such activity, because the malware uses fully legitimate mining software, which under normal conditions could also be installed by a legitimate user. Another worrying fact we found when observing these two new botnets is that malicious miners themselves are becoming valuable on the underground market. We have seen criminals offer so-called 'miner builders': software that allows anyone who is willing to pay for the full version to create their own mining botnet. This means that the botnets we have recently identified will not be the last ones," said Evgeny Lopatin, a malware analyst at Kaspersky Lab.

In general, the number of users who have encountered cryptocurrency miners has increased dramatically in recent years. For example, in 2013 Kaspersky Lab's products protected around 205,000 users globally who were attacked by this type of threat. In 2014 the number increased to 701,000, and the number of infected users in the first eight months of 2017 reached 1.65 million.

Number of users protected by Kaspersky Lab from malicious cryptocurrency miners from 2011 to 2017

To prevent their computer from turning into a power-hungry zombie that works hard to earn money for criminals, Kaspersky Lab researchers advise users to take the following measures:

  • Do not install suspicious software from unreliable sources on your computer.
  • The adware detection feature may be disabled by default in the security solution. Make sure you have it turned on.
  • Use a proven online security solution to protect your digital environment from all possible threats, including malicious miners.
  • If you are running a server, make sure it is protected by a security solution, as servers are profitable targets for criminals because of their high computing performance (compared to the average computer).

Kaspersky Lab products detect and successfully block this malware under the following detection names:

  • RiskTool.Win32.BitCoinMiner.hxao
  • PDM:Trojan.Win32.Generic

More information on malicious mining botnets can be found on the dedicated website Securelist.com.

iGuRu.gr The Best Technology Site in Greece

Written by Dimitris
