MALWARE RESEARCHERS have warned about increased distribution of Bitcoin mining trojans and point out that some of them have been upgraded to also perform other illegal activities.
Bitcoin is a cash-like peer-to-peer virtual currency that people can use over the internet without the need for intermediary banks or payment processing services. This flexibility and the high degree of anonymity that Bitcoin transactions provide have made the currency very popular in recent months.
Bitcoins are introduced into the market by so-called mining, a virtual process performed according to a pre-established algorithm. Bitcoin mining is a form of cryptographic hash cracking and requires both computing power and luck to perform successfully. Bitcoin miners use special rigs with carefully selected hardware components and they join together in so-called mining pools in order to increase their chances of success and maximize their profits.
Because of their distributed nature, botnets are perfect for Bitcoin mining and it was only a matter of time until cyber criminals realized this. Trojans incorporating Bitcoin mining software started appearing a few months ago and have since significantly increased in number and sophistication. They've switched from merely abusing the CPU resources of infected computers to also leveraging their powerful graphics chips.
According to malware experts at antivirus vendor Trend Micro, Bitcoin mining trojans are being distributed on social media websites. One such campaign observed on Twitter recently lured users with funny Facebook pictures. In reality, the spammed links led people to a malicious file that installs a trojan detected by the company's antivirus products as HKTL_BITCOINMINE.
Another piece of Bitcoin mining malware that Trend Micro researchers were tracking, identified as BKDR_BTMINE.MNR, has recently been upgraded with a component that facilitates distributed denial-of-service attacks. This is one of the most complex trojans of this type, bundling three different legitimate Bitcoin mining applications.
After installation it downloads the necessary drivers to interact with the GPU and communicates with over 2,000 hardcoded IP addresses. The researchers believe that the new DDoS component might be used to attack other miners in order to prevent them from mining effectively. The list of targets is downloaded from a remote server and can be frequently changed.
Things are only going to get worse. "Right now, Bitcoins are worth more than $8 each. With the value of Bitcoins constantly rising, the number of malware related to Bitcoin mining will inevitably increase as well," the Trend Micro experts warned.
Bitcoin users are advised to keep their virtual wallets encrypted because some of these trojans are also known to steal Bitcoins. Running an up-to-date antivirus program and treating all links on social media websites with suspicion is always a must.