Mining Botnets are Back


The Kaspersky Lab Anti-Malware Research team has identified two botnets made of computers infected with malware, which silently installs cryptocurrency miners – legitimate software used to create (“mine”) virtual currencies based on blockchain technology.

In one instance researchers were able to estimate that a 4,000-machine network could bring its owners up to £22,731 ($30,000) a month, and in another instance researchers witnessed criminals jackpotting more than £151,538 ($200,000) from a 5,000-PC botnet.

Several years ago, malware that silently installed Bitcoin miners (which use victims’ computers to mine currency for cybercriminals) was common on the threat landscape, but the more Bitcoins that were mined, the harder it became to mine new ones, and at some point the process even became useless. However, the price of Bitcoin has skyrocketed in recent years from hundreds to thousands of dollars per coin, igniting a real “cryptocurrency fever” around the world. Hundreds of enthusiast groups and startups have started releasing their own Bitcoin alternatives, many of which have also gained significant market value in a relatively short period of time.

Based on the results of recent research by Kaspersky Lab experts, the criminals behind the newly discovered botnets distribute the mining software with the help of adware programs, which victims install voluntarily. After the adware program is installed on the victim’s computer, it downloads a malicious component: the miner installer. This component installs the mining software and, in addition, performs some activities to make sure the miner works for as long as possible.

As soon as the first coins are mined, they are transferred to wallets belonging to criminals, leaving victims with an oddly underperforming computer and slightly higher electricity bills than normal. Based on Kaspersky Lab observations, criminals tend to mine two cryptocurrencies: Zcash and Monero. These particular currencies are probably chosen because they provide a reliable way to anonymise transactions and wallet owners.

“The major problem with malicious miners is that it is really hard to reliably detect such activity, because the malware is using completely legitimate mining software, which in a normal situation could also be installed by a legitimate user. Another alarming thing which we have identified while observing these two new botnets is that the malicious miners are themselves becoming valuable on the underground market. We’ve seen criminals offering so-called miner builders: software which allows anyone who is willing to pay for the full version to create their own mining botnet. This means that the botnets we’ve recently identified are certainly not the last ones”, said Evgeny Lopatin, malware analyst at Kaspersky Lab.



© 2018 Microexpert. Registered number 01755695.