Novel Botnet Hunts Down and Destroys Crypto Mining Malware

Security researchers have discovered a new botnet that, rather than posing a threat, appears to be seeking out and destroying a type of crypto-mining malware.

Called Fbot, the botnet is a variant of one called Satori, which is in turn based on Mirai – a tool typically used for DDoS attacks. Unusually, the DDoS module appears to have been deactivated; instead, Fbot searches for devices infected with a specific crypto-jacking malware and replaces it on the system, the report says.

Discovered by the team at Qihoo 360Netlab, the variant seeks out a malware type dubbed com.ufo.miner – a variant of the Android-based monero miner ADB.Miner.

Spreading by searching for devices with a specific open port, the botnet then uses a script to uninstall com.ufo.miner, if found. Fbot is programmed to scan and propagate, install itself over the malware and finally self-destruct, the researchers say.

Also unusually, the botnet code is linked to a domain name that is accessible not via the regular domain name system (DNS), but via a decentralized alternative called EmerDNS that makes addresses harder to track and shut down.

The researchers said:

“The choice of Fbot using EmerDNS other than traditional DNS is really interesting, it raised the bar for security researchers to find and track the botnet (security systems will fail if they only look for traditional DNS names).”
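The monitoring gap the researchers describe can be narrowed by hunting in DNS telemetry for names outside the conventional root. The following is an added example, not code from the article or from the 360Netlab report. It assumes a passive DNS log from a network sensor in a constructed five-field format, a hypothetical approved-resolver list, and the Emercoin zones `.emc`, `.coin`, `.lib` and `.bazar`; all hosts and names in the sample are placeholders.

```python
import ipaddress

# EmerDNS (Emercoin) zones; they are not delegated from the ICANN root.
EMERDNS_ZONES = ("emc", "coin", "lib", "bazar")

# Assumption: the site's approved recursive resolvers.
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}

# Constructed sample log, format "timestamp client resolver qname qtype".
SAMPLE_LOG = """\
2018-09-20T10:00:01Z 10.0.4.17 10.0.0.53 updates.example.com A
2018-09-20T10:00:02Z 10.0.4.23 10.0.0.53 c2-placeholder.lib. A
2018-09-20T10:00:03Z 10.0.4.23 203.0.113.9 C2-Placeholder.LIB A
2018-09-20T10:00:04Z 10.0.4.31 203.0.113.9 www.example.org AAAA
2018-09-20T10:00:05Z 10.0.4.40 10.0.0.53 library.example.net A
malformed line
"""

def classify(line):
    """Return (client, qname, reasons) for a suspicious query, else None."""
    fields = line.split()
    if len(fields) != 5:
        return None  # skip malformed lines
    _, client, resolver, qname, _ = fields
    # Normalise: drop the trailing root dot and compare case-insensitively.
    name = qname.rstrip(".").lower()
    tld = name.rsplit(".", 1)[-1]
    reasons = []
    if tld in EMERDNS_ZONES:
        reasons.append("emerdns-zone")
    try:
        # A host that talks to an alternative-root resolver directly
        # never shows up in the approved resolver's own query log.
        if ipaddress.ip_address(resolver) not in APPROVED_RESOLVERS:
            reasons.append("unapproved-resolver")
    except ValueError:
        return None  # resolver field is not an IP address
    return (client, name, reasons) if reasons else None

def hunt(log_text):
    """Return every suspicious query found in the log text."""
    hits = (classify(line) for line in log_text.splitlines())
    return [hit for hit in hits if hit]

if __name__ == "__main__":
    for client, name, reasons in hunt(SAMPLE_LOG):
        print(client, name, ",".join(reasons))
```

The zone check matches the final label only, so `library.example.net` is not flagged, and the resolver check catches a device that bypasses the monitored resolver even when the queried name looks ordinary.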

It is not yet clear if Fbot has been set up by someone with good intentions or by a rival crypto-jacker seeking to eliminate the competition.

The prevalence of crypto mining malware has shot up in the last year, according to a number of security teams, and has been found globally on systems owned by businesses and governments, as well as individuals. Further, the previous cybercrime tool of choice, ransomware, has now taken a back seat amid the surge.

In fact, IT security firm Trend Micro reported in late August that crypto-jacking attacks spiked by 956 percent from the first half of 2017 to the first half of 2018.

Among recent efforts to counter the rising threat, Firefox said on Aug. 31 that its browsers will soon automatically block crypto mining malware scripts. The Opera browser introduced similar protection for mobile devices in January.

Hat tip Bleeping Computer.


The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.
