이 기사 공유하기
Novel Botnet Hunts Down and Destroys Crypto Mining Malware
A newly discovered botnet is seeking out and removing crypto-mining malware, but why it has been created is still unknown.
작성자 Daniel Palmer
Security researchers have discovered a new botnet that, rather than posing a threat, seems to be seeking out and destroying a type of crypto-mining malware.
Called Fbot, the botnet is a variant of one called Satori, which is in turn based on Mirai – a program normally used for DDoS attacks. Unusually, the DDoS module seems to have been deactivated and instead Fbot searches for devices infected with a specific crypto-jacking malware and replaces it in the system, the report says.
STORY CONTINUES BELOW
Discovered by the team at Qihoo 360Netlab, the variant seeks out a malware form dubbed com.ufo.miner – a variant of Android-based monero miner ADB.Miner.
Distributing itself by searching for devices with a specific open port, the botnet then uses a script to uninstall com.ufo.miner, if found. Fbot is programmed to scan and propagate, install itself over the malware and ultimately self-destruct, the researchers say.
Also unusually, the botnet code is linked to a domain name accessible, not through a standard domain name system (DNS), but a decentralized alternative called EmerDNS that makes addresses harder to trace and shut down.
The researchers said:
"The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet (security systems will fail if they only look for traditional DNS names)."
It is not yet clear if Fbot has been set up by someone with good intentions or by a rival crypto-jacker seeking to remove the competition.
The prevalence of crypto mining malware has shot up in the last year, according to various security teams, and has been found globally on systems owned by enterprises and governments, as well as individuals. Further, the previous crybercrime tool of choice, ransomware, has now taken a back seat amid the surge.
Indeed, IT security firm Trend Micro reported in late August, crypto-jacking attacks spiked by 956 percent from the first half of 2017 to the first half of 2018.
Among current initiatives to counter the rising threat, Firefox said on Aug. 31 that its browsers will soon automatically block crypto mining malware scripts. The Opera browser launched similar protection for mobile devices in January.
Hat tip Bleeping Computer.
Cat and prey image via Shutterstock
More For You
알아야 할 것:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
XRP Faces Downside Risk as Social Sentiment Turns Wildly Negative
The turn in crowd mood comes after a two-month slide of roughly 31%, leaving the token vulnerable to further downside if risk appetite weakens across majors.
알아야 할 것:
- XRP's price approached the $2 mark as social sentiment around the token turned sharply negative, according to Santiment data.
- The token has experienced a 31% decline over two months, making it vulnerable to further losses if market risk appetite weakens.
- Santiment's sentiment model indicates XRP is in a 'fear zone,' where negative commentary significantly outweighs positive talk, potentially influencing market positioning.
Top Stories
