Vigilante Botnet Infects Computers to Remove Cryptocurrency Malware


Botnets have become increasingly powerful over the last few years, to the point where the US Department of Homeland Security admitted that they couldn’t face the problem alone and needed help from the white hat community.

Botnets consist of dozens, hundreds, or even thousands of internet-connected devices which are then used to send spam messages en masse or to launch distributed denial-of-service (DDoS) attacks, crashing online services. CCJ has reported before on how botnets infected millions of computers last year with cryptojacking software designed to siphon CPU power and use it to secretly mine crypto for the malware owners.

A particularly notorious botnet called ‘Mirai’ famously hijacked IoT devices to mine Bitcoin – while IoT devices are individually extremely ineffective, Mirai is a particularly virulent piece of malware that infected thousands of devices in a short space of time to take small profits from all of them. While the term botnet understandably carries a malicious connotation, one botnet seems to be breaking the mold and is seemingly forcing its way into user computers to infect them – with crypto antivirus software.

Security research firm Netlab released a report describing the malware which they have dubbed ‘Fbot’, a variant of the legitimate ADBminer software designed to mine cryptocurrencies.

“There are 3 interesting aspects about this new botnet:

  • First, so far the only purpose of this botnet looks to be just going after and removing another botnet com.ufo.miner.
  • Second, the bot does not use traditional DNS to communicate with the C2, instead, it utilizes block-chain DNS to resolve the non-standard C2 name musl.lib. (see below for details)
  • Third, this bot appears to have strong links to the original satori botnet.”
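Because `.lib` is not a suffix in the public ICANN root, a lookup for a name such as `musl.lib` stands out in resolver logs. The following is an added example, not code from Netlab's report or from this article: a small hunt that groups such queries by client. The log format, timestamps and client addresses are constructed assumptions, and the watchlist contains only the suffix quoted above.

```python
import re
from collections import defaultdict

# ".lib" is taken from the C2 name quoted above; extend the set for your own site.
WATCHED_TLDS = {"lib"}

# Constructed sample resolver log: "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2018-09-20T10:00:01Z 10.0.0.15 A www.example.com.
2018-09-20T10:00:02Z 10.0.0.23 A musl.lib.
2018-09-20T10:00:05Z 10.0.0.23 A MUSL.LIB
2018-09-20T10:00:09Z 10.0.0.15 A lib.example.org.
2018-09-20T10:00:11Z 10.0.0.42 AAAA cdn.example.net
malformed line
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def tld_of(qname):
    """Return the right-most label, ignoring case and the trailing root dot."""
    return qname.rstrip(".").lower().rsplit(".", 1)[-1]


def find_watched_queries(log_text, watched=WATCHED_TLDS):
    """Map each client IP to the sorted, de-duplicated watched names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed four-field format
        _ts, client, _qtype, qname = m.groups()
        # Match on the final label only, so "lib.example.org" is not flagged.
        if tld_of(qname) in watched:
            hits[client].add(qname.rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in find_watched_queries(SAMPLE_LOG).items():
        print(client, names)
```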

The botnet cleanses the ‘infected’ computers of the notoriously widespread cryptojacking malware and so far doesn’t seem to be leaving anything behind in its place, leading some to believe that the botnet may even be designed with that single benign purpose in mind.

However, it’s possible that there’s more to the software than meets the eye, or that it’s simply the first phase of a larger plan. The botnet could potentially be clearing competing crypto-malware only to pave the way for a fresh wave of attacks of its own, systematically eliminating the competition. Botnets take time, effort, and funding to operate, which makes it hard to believe that an anonymous botnet could be working out there simply to help people.

Whatever the case may be, the botnet is perhaps the first malware to ever target vast swathes of devices and delete other malware without most users ever knowing, and it’s certainly worth keeping an eye on as time goes by.

The Mozilla Foundation has outlined new features on its Firefox browser to help enhance web performance and protect its users with a default blocker for cryptomining malware.

The Vice President of Product, Nick Nguyen, made it known on Thursday, August 30, 2018, that future versions of the open-source browser will, by default, block crypto mining malware scripts.

“In the near future, Firefox will—by default, protect users by blocking tracking, while offering a clear set of controls to give our users more choice over what information they share with sites” – he wrote in the blog post.

While shedding more light on scripts that exploit an individual’s spare computer power to mine cryptocurrencies, he wrote:
“Deceptive practices that invisibly collect identifiable user information or degrade user experience are becoming more common.”

Nguyen also spoke about trackers that fingerprint users, a technique used to identify users by their device properties, as well as blocking websites that secretly deploy cryptomining scripts which the users are unaware of, practices which the Mozilla Foundation believes make the “web a more hostile place to be.”

In a wider bid to prevent third-party tracking scripts from affecting user experience, future versions of Firefox will pay more attention to improving page performance. This new feature is being trialed on the Firefox Nightly version and its success is expected to be consolidated in Firefox 65.

“We’ve already made this available for our Firefox Nightly users to try out, and we will be running a shield study to test the experience with some of our beta users in September. We aim to bring this protection to all users in Firefox 65, and will continue to refine our approach to provide the strongest possible protection while preserving a smooth user experience” – he noted on the blog.

Mozilla has followed the lead of Google and Opera in introducing measures offering crypto miner protection for its users.

Cryptominer protection has already buoyed the desktop version of Opera. In January, the company announced its default crypto miner protection for the smartphone version of its browser. While Google is yet to release any official statement on the banning of third-party scripts found on its website, it is believed the company has already banned cryptomining apps from its Play store.

New malware has recently been reported to gain control of the Windows clipboard in order to swap out Bitcoin addresses. It’s already monitoring 2.3 million targets, as reported by the Bleeping Computer tech portal on June 30.

The malware, which is known as a “clipboard hijacker” threat, secretly gains control of the victim’s computer memory and runs in the background to ensure the user does not notice its presence. It then proceeds to replace Bitcoin addresses that the user has copied to their clipboard with the addresses of the attacker, which the user unknowingly pastes and sends their coins to.

Bleeping Computer explains, “unless the user double checks the pasted address, they have no idea that the swap took place”. Bitcoin users face a variety of hardware vulnerabilities including Windows PCs, Android smartphones, and other devices.

Staying up-to-date with the latest antivirus software is currently a user’s main defense against this problem, along with double checking destination Bitcoin addresses before transfers.

The notorious torrent index site The Pirate Bay has resumed using users’ CPU to mine Monero (XMR) on their website.

On July 4th, The Pirate Bay added a disclaimer at the bottom of their website which stated:

“By entering TPB you agree to XMR being mined using your CPU. If you don’t agree please leave now or install an adBlocker”

The Pirate Bay conducted a one-day trial back in September to test out mining Monero using visitors’ CPUs. The website utilized a tool called Coinhive, which allowed developers to include a simple script that would then use the website user’s CPU to perform mining, consuming a significant portion of its resources. Since October, The Pirate Bay has started using crypto-mining alongside advertisements on their website.

Although several users have claimed that they do not mind mining to support the website and viewed it as a healthy alternative to obstructive advertising, The Pirate Bay has been criticized for using resources without the consent of the user and has then suspended mining. Crypto-mining via the browser can cause a decrease in performance and can subsequently heat up the computer. It could also affect the longevity of the CPU.

Although there have been websites which use tools like Coinhive as a legitimate alternative to advertising while limiting the amount of CPU resources they use, crypto-mining malware has become a lucrative option for hackers. Government websites, automobile manufacturer Tesla and sites like Politifact have all fallen victim to such attacks. Users are advised to install extensions such as NoCoin and uBlock Origin to protect themselves from such malicious scripts.

Kaspersky Lab, a Russian cybersecurity firm, stated that there has been a significant shift from ransomware-related attacks to crypto-mining malware. The report stated that there has been a decline of 30% in ransomware whereas crypto-mining related malware increased by about 44.5% in a single year.

It is believed that the reason for such a massive shift was the fact that crypto-jacking was more discreet and profitable compared to ransomware, leading to a massive increase in crypto-mining malware targeting both PCs and mobiles.

In similar research conducted by McAfee, an American cybersecurity company, it was revealed that crypto-mining related attacks increased by 600 percent in the first quarter of 2018 alone. Steve Grobman, CTO of McAfee, stated “With the rise in the value of cryptocurrencies, market forces are driving criminals to crypto jacking and the theft of cryptocurrency.”

Kaspersky Labs recently released a cyber security report, published on June 27, that notes a significant decline in ransomware as compared to the growing increase of crypto jacking.

The report seeks to answer the question, “who wears the new threat crown within the cyber crime world”. Crypto miners were recently able to gain popularity due to their discreet and modest way of making money utilizing users’ computer processing power.

According to the Kaspersky Lab report, which compared data from April-March of 2017 with data from April-March of 2018, a 30% loss in the amount of ransomware was found as opposed to a 45% gain in the amount of crypto mining attacks. The total number of internet users affected by these crypto mining attacks is up to around 2.7 million.

Instead of relying on the one-off payment achieved with ransomware, cyber criminals are now employing secret mining software that can benefit from a stable and continuous flow of cryptocurrency funds.

Another cyber security report released this week from McAfee Labs notes that the use of crypto malware rose 629% in the first quarter of 2018, compared to the previous quarter in 2017.

The Kaspersky Labs report also notes that newer ransomware is requesting funds in Bitcoin, in exchange for unlocking infected computers. This is a significant change from the fiat currency requests which were the typical means of payment last year.
