Intel Security

Virtual Currency Botnets Dig up Fool’s Gold

The virtual currency boom has given rise to botnets focused on mining and cultivating these currencies. Botnets with multiple levels of mining functionality exist, yet most yield ineffective results. Since the mining algorithms are highly sophisticated, and the botnets are not equipped with the specialized hardware needed to completely infiltrate them, the attacker’s expenses and energy are often equal to any marginal profits gained from such an attempted breach. Essentially, botnet vendors are aware their products produce limited to no profit, and are at risk of exposure, since victims are more likely to discover a bot attack when it is mining.

Monetary profit has been the end goal of botnet malware for years. Cybercriminals who purchase botnets, or kits to build their own, are now taking aim at mining virtual currencies, hoping to dig up a crypto-currency fortune, but most find limited success. The authors behind the mining botnets are the ones earning a profit, from kits that promise a high yield yet underdeliver.

Underground security forums or marketplaces offer up countless versions of miner botnets, builders, and cracked versions at a cheaper rate. Some popular builders and services include EnvyMiner, DeadCow, SovietMiner, JHTTP, Black Puppet, and Aura, which range anywhere from $45 to $200 for lifetime access. However, a majority of the most popular miner bots and kits have been cracked or leaked and offer services for free.

Despite the high availability of these botnets, the payoff just doesn’t exist. The graph below depicts the difference in profit when operating a botnet with Bitcoin mining versus a botnet sans mining capabilities. As more miners are added to a virtual currency ecosystem, the difficulty in gaining profit increases. Based on the current difficulty levels, the likelihood of a botnet harvesting a profit is slim. The profit difference depicted in the graph below is shown over Bitcoin difficulty cycles, one about every two weeks. At this rate, botnets would be more useful for financial gain if the efforts were redirected to password or credit card number theft.

More baffling is the use of botnets mining on mobile Android devices, since their processors are slower than desktop or laptop processors. Low battery life and greater risk of hardware failure also make these attacks more likely to fail. Regardless, cybercriminals still aim their sights on virtual currency mining via botnets.

Heavy doubt surrounds botnet virtual currency mining as a means for profitability, but that hasn’t prevented these botnets from becoming mainstream purchases in the cybercrime world. Until the craze dwindles, the malware vendors will be the actual profiteers of this scheme.

Profit Difference Over Difficulty Ratings By Including Mining Malware