

An unusual botnet destroys hidden crypto-currency miners



Cyber security specialists have discovered a new botnet that, instead of carrying out malicious actions, searches for and destroys hidden mining programs. This is reported by CoinDesk.

The botnet, called Fbot, is a variant of Satori, which in turn is based on Mirai. The latter is often used for DDoS attacks. In Fbot, however, the DDoS module is deactivated and replaced by a function that searches for devices with hidden mining software installed.

The new botnet was investigated in detail by the Qihoo 360Netlab team. As noted in their blog, Fbot looks for a malicious program called com.ufo.miner, a variant of the Monero miner ADB.Miner. The latter targets devices running the Android operating system.

The program spreads through open ports and deletes com.ufo.miner if it finds it. Fbot is programmed to scan the network, spread across it, install itself over the malicious software, and then self-destruct.

It is noteworthy that the botnet uses EmerDNS, a decentralized alternative to the standard Domain Name System (DNS). Because of this, its address is harder to track and shut down.

"Fbot's choice of EmerDNS instead of traditional DNS is quite interesting. This raised the bar for cybersecurity experts, who find it difficult to track such a botnet (security systems cannot cope because they only look for traditional DNS names)," the researchers note.

It is not yet clear whether Fbot was created with good intentions, or to eliminate competitors in the market.

According to Trend Micro researchers, during the first half of 2017, the number of detected cases of unauthorized cryptocurrency mining increased by 956%.

Previously, BlockchainJournal reported that new versions of the Firefox browser will be equipped with protection against hidden mining. Before that, a built-in miner blocker appeared in the Opera browser.
