Trend Micro recently came across a botnet that turns an infected system into an involuntary Bitcoin miner. Bitcoin is a digital currency that uses peer-to-peer (P2P) networks to track and verify transactions. Bitcoins are generated by a free Bitcoin miner application.
The malware detected as BKDR_BTMINE.MNR installs the mining software onto affected systems. It uses the system’s resources to solve Bitcoin blocks in order to generate more Bitcoins.
A Bitcoin “block” is a complex cryptographic problem. Solving a block currently pays out 50 Bitcoins and blocks are created every time a Bitcoin transaction is made. The process of solving these blocks is called “mining”. The only way to solve a block is by brute force, which eats up system resources. To speed up the computation of a block, miners form mining pools: the problem is split up into pieces that are solved by multiple systems, and each miner’s incentive is based on how much it contributes to the solution.
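The brute-force search and the pool split described above can be modelled in a few lines. This is an added example, not code from Trend Micro or from the malware; it is a simplified toy (tiny difficulty, a constructed header, hypothetical names such as `run_pool` and `work_slice`) in which "shares" are an assumed way of measuring each member's contribution.

```python
import hashlib

BLOCK_REWARD = 50  # Bitcoins per solved block, the figure given in the article

def pow_hash(header: bytes, nonce: int) -> int:
    """Toy proof-of-work: double SHA-256 of header + nonce, as an integer."""
    data = header + nonce.to_bytes(8, "little")
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def work_slice(header, start, stop, block_target, share_target):
    """One pool member brute-forces its slice of the nonce space.

    Returns (shares, solution). A share is a hash below the easier share
    target and only proves effort; a solution is a nonce that solves the block.
    """
    shares, solution = 0, None
    for nonce in range(start, stop):
        h = pow_hash(header, nonce)
        if h < share_target:
            shares += 1
        if solution is None and h < block_target:
            solution = nonce
    return shares, solution

def run_pool(header, workers, slice_size, block_bits, share_bits):
    """Hand out nonce slices round-robin until a slice contains a solution."""
    assert share_bits <= block_bits, "share target must be the easier one"
    block_target = 1 << (256 - block_bits)
    share_target = 1 << (256 - share_bits)
    shares = {w: 0 for w in workers}
    solution, next_start = None, 0
    while solution is None:
        for w in workers:
            found, sol = work_slice(header, next_start, next_start + slice_size,
                                    block_target, share_target)
            shares[w] += found
            next_start += slice_size
            if solution is None:
                solution = sol
    total = sum(shares.values())
    # Proportional payout: each member's cut follows its share count.
    payouts = {w: BLOCK_REWARD * n / total for w, n in shares.items()}
    return solution, shares, payouts

if __name__ == "__main__":
    sol, shares, payouts = run_pool(b"constructed-block-header",
                                    ["host-a", "host-b", "host-c"], 2000, 16, 8)
    print("solving nonce:", sol, "shares:", shares, "payouts:", payouts)
```

Every extra bit of difficulty doubles the expected number of hashes, which is why a mining process keeps the CPU and GPU of an infected system saturated for as long as it runs.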
Here, BKDR_BTMINE.MNR installs three different mining applications and runs whichever ones the system’s processing speed allows. To help speed up the processing, the malware downloads the necessary drivers for the GPU and CPU of the affected system. If blocks are solved, the attackers gain ownership of the generated Bitcoins.
We also found another malware detected as BKDR_BTMINE.DDOS, which is a component of BKDR_BTMINE.MNR. BKDR_BTMINE.DDOS can perform distributed denial of service (DDoS) attacks on targeted entities. The malware can also obtain a list of targeted websites from remote sites. The DDoS component may be used to attack competing Bitcoin miners and limit their processing power. The malware also tries to communicate with a long list of IP addresses. A list of more than 2,000 IP addresses is hardcoded in the malware and is constantly updated upon execution.
Right now, Bitcoins are worth more than $8 each. With the value of Bitcoins constantly rising, the amount of malware related to Bitcoin mining will inevitably increase as well. Because Bitcoins make use of P2P sharing, the charges incurred are a lot lower compared to transferring money through banks or clearing houses. In addition to this, Bitcoin transactions are anonymous and they can be used anywhere, without limits. Bitcoin usage is gaining popularity in web transactions because of these advantages, but it also raises some security issues. To stay safe, encrypt all wallets as soon as they leave your system. Use a strong, unique password for wallet encryption.
Trend Micro protects product users from this attack via the Smart Protection Network by blocking all related files and URLs.