The infamous Mirai Internet of Things botnet has changed course with a new version switching to mining bitcoin, at least temporarily.
First spotted by researchers at IBM Corp.’s X-Force security arm, the new variant of the ELF Linux/Mirai malware was detected mining bitcoin for a few days in late March before it mysteriously stopped doing so.
“We did not find any evidence to indicate why this attack was short-lived; however, seeing campaigns with a short life cycle such as this is common,” Senior Threat Researcher David McMillen told eWeek. “We haven’t seen activity since March 27. However, that isn’t to say we won’t see more activity in the future.”
The variant used a two-stage process to hijack machines to mine bitcoin. The first stage was the initial infection: finding and then infecting Internet of Things devices that run BusyBox software with the default username and password still in place. Once on the device, the second stage installed a bitcoin miner obtained from an external server, meaning that the miner itself was not bundled with the initial installation.
Whether the use of the Mirai botnet for bitcoin mining was a success or not is uncertain. “Given Mirai’s power to infect thousands of machines at a time … there is a possibility that the bitcoin miners could work together in tandem as one large miner consortium,” McMillen explained. “We haven’t yet determined that capability, but we found it to be an interesting yet concerning possibility. It’s possible that while the Mirai bots are idle and awaiting further instructions, they could be leveraged to go into mining mode.”
Bitcoin mining involves the use of computers to figuratively “mine” for bitcoin: the network collects a few hundred pending bitcoin transactions into a block and turns them into a mathematical puzzle, which miners then attempt to solve. This is how bitcoin comes into being. While it was once possible to use even a single computer to mine for bitcoin, the larger bitcoin grows, the harder the puzzles are to solve, resulting in bitcoin mining farms that involve hundreds and sometimes thousands of computers dedicated to the process.
In theory, thousands of IoT devices in a botnet could be used for bitcoin mining, but as IBM notes, most of those devices have low computing power, so it is highly questionable how effective they could be in the process.