RESEARCHERS HAVE DISCOVERED a new variant of the Mirai botnet, which was first discovered compromising Internet of Things (IoT) devices to carry out DDoS attacks, that can be used to mine bitcoins.
IBM X-Force said it had recently uncovered the new variant of the ELF Linux/Mirai malware, delivering a bitcoin-mining module to its infected hosts.
According to IBM security threat researcher Dave McMillen, there is an incentive for criminals to have bitcoins in their pocket to facilitate their activities as it is the currency of choice for purchasing illegal commodities such as malware.
He added that it was possible that the attackers were looking to find a way to make bitcoin mining via compromised IoT devices a lucrative venture.
The new Mirai variant is similar to another recently-found version that leverages a Windows Trojan. Instead, it focuses on attacking Linux machines running BusyBox software. According to McMillen, the software provides several stripped-down Unix tools in a single executable file and digital video recording (DVR) servers. BusyBox uses a Telnet protocol, which is a 'gateway' into IoT devices for attackers.
The add-on to this variant is dubbed a 'bitcoin miner slave'. As many IoT devices are low-powered, McMillen and his team questioned the effectiveness of this add-on as it would lack the power to create many, if any, bitcoins.
"Mining bitcoins is a CPU-intensive activity. How many compromised devices would it take to make the mining of bitcoin a viable revenue source for attackers? Wouldn't attackers have better luck compromising a bitcoin exchange company, as has been the case numerous times in the past," he questioned.
However, he suggested that Mirai's power to infect thousands of machines at a time could mean there was a possibility that the bitcoin miners could work together in tandem as one large miner consortium.
"We haven't yet determined that capability, but we found it to be an interesting yet concerning possibility. It's possible that while the Mirai bots are idle and awaiting further instructions, they could be leveraged to go into mining mode," he said.
The Mirai botnet has been blamed for several high-profile cyber assaults, including a DDoS attack against internet infrastructure firm Dyn, which caused problems accessing sites including Amazon, Twitter and Netflix. µ
Could face hefty fines and ban in Russia if it fails to comply
What next?! Self-driving planes... oh wait
It's expected to last for 'a number of weeks'