Rising from the Hashes – IoT Mining Botnets

Bitcoin’s steep climb at the end of last year and the boost it gave to other digital coins pushed cryptocurrency into the spotlight. Born from processing power, crypto assets have always been hot with cybercriminals looking to hide or launder illegal proceeds, steal them from digital wallets or just mint them using enslaved devices.

Most cryptocurrencies available are mineable by calculating hash values – an operation that takes data of any length and turns it into a string of a fixed size. The process requires significant computing resources and is carried out according to criteria that steadily increases in difficulty, making new coins harder to mine. Profit occurs when the costs for running the mining device are lower than the value of the coin.

Crooks have adopted this new monetary reward, sneaking malware onto systems under their control to solve the cryptographic challenge so they can take the spoils, with the victim footing the increased electricity bill. The most recent such event came over the weekend when a security researcher discovered a script that mined for Monero distributed to at least 4,000 websites, most of them handled by the US and the UK governments. As a consequence, visitors were unwittingly making money for the bad guys.

At the beginning of the month, Bitdefender published a report on Operation PZChao associated with an espionage group targeting important organizations in Asia and the US. One payload uncovered by the researchers was a Bitcoin mining component, showing that advanced threat actors are on the cryptocurrency bandwagon.

In April last year, a variant of Mirai stood out with a Bitcoin mining component, but the currency was already so difficult to “extract” that it was unlikely the project made a significant profit. Notwithstanding, the list of mineable coins is close to 900 at the moment, and it keeps growing, giving criminals plenty of options. Some mineware, like Monero, can run on Android, which is used on devices ranging from smartphones and tablets, refrigerators, mini PCs, cameras, in-car navigation systems, and gaming consoles to TVs and TV boxes.

Past events have proven that IoT gadgets can form an army strong enough to rattle the internet, and their masters are versatile in coming up with hijacking methods. Putting to work hundreds of thousands or even millions of devices to figure out the correct hashes and obtain an easier-to-mine, lower-ranked coin could turn into a feasible side business.

Even if you have no smart gadgets on the home network, as long as you have a router and a computing device, hackers could still use your power line to get their currency. Researchers have released demo code that tricks systems connected to a router in a public place to mine for digital money. With a few tweaks, you may not even notice the theft.

Image credits: www.pexels.com

Add Comment

Your email address will not be published. Required fields are marked *