Novel Botnet Hunts Down and Destroys Crypto Mining Malware
A newly discovered botnet is seeking out and removing crypto-mining malware, but why it has been created is still unknown.

Security researchers have discovered a new botnet that, rather than posing a threat, seems to be seeking out and destroying a type of crypto-mining malware.
Called Fbot, the botnet is a variant of one called Satori, which is in turn based on Mirai – a program normally used for DDoS attacks. Unusually, the DDoS module seems to have been deactivated and instead Fbot searches for devices infected with a specific crypto-jacking malware and replaces it in the system, the report says.
Discovered by the team at Qihoo 360Netlab, the variant seeks out a malware form dubbed com.ufo.miner – a variant of Android-based monero miner ADB.Miner.
Distributing itself by searching for devices with a specific open port, the botnet then uses a script to uninstall com.ufo.miner, if found. Fbot is programmed to scan and propagate, install itself over the malware and ultimately self-destruct, the researchers say.
Also unusually, the botnet code is linked to a domain name that resolves not through the standard Domain Name System (DNS) but through a decentralized alternative called EmerDNS, which makes addresses harder to trace and shut down.
The researchers said:
"The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet (security systems will fail if they only look for traditional DNS names)."
It is not yet clear if Fbot has been set up by someone with good intentions or by a rival crypto-jacker seeking to remove the competition.
The prevalence of crypto mining malware has shot up in the last year, according to various security teams, and it has been found globally on systems owned by enterprises and governments, as well as individuals. Further, the previous cybercrime tool of choice, ransomware, has now taken a back seat amid the surge.
Indeed, IT security firm Trend Micro reported in late August that crypto-jacking attacks spiked by 956 percent from the first half of 2017 to the first half of 2018.
Among current initiatives to counter the rising threat, Firefox said on Aug. 31 that its browsers will soon automatically block crypto mining malware scripts. The Opera browser launched similar protection for mobile devices in January.
Hat tip Bleeping Computer.