Two newly discovered botnets have been found to be used largely to generate ("mine") blockchain-based virtual currency for cybercriminals. In one case, researchers estimated that a network of 4,000 machines could earn its owners $30,000 a month. In another case, the researchers saw the criminals take in over $200,000 with a botnet of 5,000 PCs.
The botnets were discovered by the Kaspersky Lab Anti-Malware Research team. The criminals behind these botnets spread the mining software through adware programs that victims install voluntarily. After the adware program is installed on the victim's computer, a malicious component is downloaded: the miner installer. This component installs the mining software and also takes several steps to ensure that the miner keeps working for as long as possible. These steps include:
- Attempting to disable security software;
- Tracking all application launches and suspending its own activity when a program that monitors system activity or running processes is started;
- Ensuring that a copy of the mining software is always present on the hard disk, and restoring it if it is removed.
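
The last two behaviours in this list leave traces that endpoint telemetry can surface. The following Python is an added example, not code from Kaspersky Lab or the original article: it flags a process whose CPU load collapses right after a monitoring tool starts, and a file that reappears shortly after deletion. The event format, process names, paths, watch list and thresholds are all constructed assumptions.

```python
# Constructed telemetry: (seconds, event type, process name, detail). Not real data.
EVENTS = [
    (0,   "cpu",           "svc_helper.exe", 92),
    (30,  "cpu",           "svc_helper.exe", 95),
    (60,  "process_start", "taskmgr.exe",    None),
    (62,  "cpu",           "svc_helper.exe", 1),
    (65,  "cpu",           "browser.exe",    12),
    (300, "file_delete",   "av_cleanup.exe", r"C:\ProgramData\helper\svc_helper.exe"),
    (304, "file_create",   "updater.exe",    r"C:\ProgramData\helper\svc_helper.exe"),
    (400, "file_delete",   "user.exe",       r"C:\Temp\report.tmp"),
]
MONITORS = {"taskmgr.exe", "procexp.exe", "perfmon.exe"}  # assumed watch list

def restored_files(events, window=60):
    """Return (path, creating process) for paths re-created within `window` s of deletion."""
    deleted, hits = {}, []
    for ts, kind, proc, detail in sorted(events, key=lambda e: e[0]):
        if kind == "file_delete":
            deleted[detail] = ts
        elif kind == "file_create" and detail in deleted and ts - deleted[detail] <= window:
            hits.append((detail, proc))
    return hits

def idles_when_watched(events, monitors=MONITORS, window=10, high=80, low=5):
    """Return processes whose CPU falls from >= high to <= low right after a monitor starts."""
    last_cpu, armed, hits = {}, [], set()
    for ts, kind, proc, detail in sorted(events, key=lambda e: e[0]):
        if kind == "process_start" and proc.lower() in monitors:
            # Remember which processes were busy when the monitoring tool launched.
            armed.append((ts, {p for p, c in last_cpu.items() if c >= high}))
        elif kind == "cpu":
            last_cpu[proc] = detail
            for start, busy in armed:
                if proc in busy and ts - start <= window and detail <= low:
                    hits.add(proc)
    return sorted(hits)

if __name__ == "__main__":
    print("idles when watched:", idles_when_watched(EVENTS))
    print("restored after delete:", restored_files(EVENTS))
```

Either signal alone has benign explanations (a job that simply finished, a self-updating application), so treat a hit as a lead to correlate with the other one rather than as a verdict.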