The unwanted comeback of CPU miners

More and more people are becoming Monero miners without knowing anything about it. Hackers enslave other people’s computers in botnets and send them into the Monero mine. The practice is already so widespread that there is talk of mining malware becoming the new ransomware. Is that good or bad?

Imagine your computer is working like crazy and you don’t know why. The processor is groaning, the RAM is full, and the fan is roaring, even though you aren’t doing anything.

Often there is malware in the background that has infected your device and is siphoning off computing power for some purpose of its own. Lately, that purpose has increasingly been mining Monero. Botnets that mine cryptocoins have become a mass phenomenon in recent months. Some security researchers even believe that this year mining malware will be more widespread than ransomware, which itself has become a mass plague in recent years and has made headlines again and again.

“After the value of cryptocurrencies exploded,” writes a team of analysts from Talos, “mining-related attacks have become a preferred practice for many hackers, who are beginning to take full advantage of the financial benefits of other attacks, such as ransomware, without having to contact the victims and without provoking the extreme attention of law enforcement that usually accompanies ransomware.”

As usual, the attackers smuggle a file onto their victim’s computer, for example through a promising-looking application email. Fortunately for the victims, the data on the disk is not all encrypted, as it would be with ransomware; instead, a small program is installed that mines Monero. The botnet operator becomes the mining pool, and the devices become the involuntary workers. The Talos analysts write that Internet of Things devices are an attractive target, as they are often maintained only sporadically and together add up to a lot of computing power.

The currency these botnets prefer by far is Monero. The reasons are obvious: the mining algorithm is ASIC-resistant and gives graphics cards only a weak advantage. This makes it relatively profitable for CPU miners, which is what botnets usually have to be. As a bonus, Monero is also particularly anonymous. The combination of ring signatures and confidential transactions ensures the highest level of privacy currently found in the crypto space. The illegally mined coins launder themselves, so to speak.

The Talos analysts find that mining botnets can be quite lucrative. “To put it financially, a normal system can make about 25 cents a day in Monero, which means that an attacker who has infected 2,000 systems (no big deal) could make $500 a day or $182,500 a year.” In reality, you can find much larger botnets. “Talos has seen botnets made up of millions of infected systems, which from what we’ve seen so far means that you can use these systems to theoretically earn more than $100 million a year.”

In fact, botnets of this size that mine Monero have already formed. On February 1, Bleeping Computer reported on the Smominru botnet, which allegedly consists of more than 526,000 devices, most of them Windows servers. The botnet had already mined over 8,900 Monero, which at the time was equivalent to more than $2 million. Most of the victims come from Russia, India, Taiwan, Ukraine and Brazil. This makes Smominru twice the size of the Adylkuzz botnet, which was the largest Monero botnet to date. Like Adylkuzz, Smominru exploits the EternalBlue vulnerability, which was long kept secret and used by the NSA until it was finally released by the Shadow Brokers. Since then, it has often been used for ransomware, for example in the WannaCry outbreak.

Just a few days later, on February 5, the magazine reported on the next up-and-coming botnet: “A new botnet appeared on the scene at the weekend and it attacks Android devices by looking for open ports in order to infect victims with malware that mines Monero.” The botnet was only launched last Saturday. So far it seems to consist of just over 7,000 devices, but it’s growing rapidly. Most of the victims are from China and South Korea, and television sets are the most affected.

This has strange consequences for Monero. While on the one hand the price is falling, as is currently the case with all cryptocurrencies, the hashrate continues to rise. The botnets remove the connection between mining and electricity costs, which is common for cryptocurrencies, since it does not matter to the hacker how much his victims pay for electricity. Unlike other miners, the botnets will not stop mining when the energy costs exceed the yield. For the other miners, this has the depressing consequence that mining is becoming less and less lucrative. 
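The argument above can be made concrete with a small equilibrium model, added here as an illustration and not taken from the article or from Talos. It assumes paying miners stay online only while revenue per unit of hashrate covers their electricity cost, while botnet hashrate stays online regardless; every number in it is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Miner:
    hashrate: float       # contributed hashrate, arbitrary units
    cost_per_hash: float  # electricity, USD per hashrate unit per day

# Constructed sample population of miners who pay their own power bill.
MINERS = [Miner(100, 300), Miner(100, 450), Miner(100, 700), Miner(100, 900)]
COINS_PER_DAY = 1000  # constructed daily network reward, in coins

def equilibrium(daily_reward_usd, miners, botnet_hashrate=0.0):
    """Return (total_hashrate, paying_hashrate, revenue_per_hash).

    Botnet hashrate is always on because its operator pays no power bill.
    Paying miners join cheapest-first; one joins only if, after joining,
    its share of the daily reward still covers its electricity cost.
    """
    total = float(botnet_hashrate)
    paying = 0.0
    for m in sorted(miners, key=lambda m: m.cost_per_hash):
        if daily_reward_usd / (total + m.hashrate) < m.cost_per_hash:
            break  # every remaining miner is at least as expensive
        total += m.hashrate
        paying += m.hashrate
    revenue = daily_reward_usd / total if total else float("inf")
    return total, paying, revenue

def scenario(price_usd, botnet_hashrate):
    """Equilibrium for a given coin price and amount of hijacked hashrate."""
    return equilibrium(COINS_PER_DAY * price_usd, MINERS, botnet_hashrate)

if __name__ == "__main__":
    for label, price, botnet in [
        ("high price, no botnet ", 300, 0),
        ("low price, no botnet  ", 200, 0),
        ("low price, with botnet", 200, 200),
    ]:
        total, paying, rev = scenario(price, botnet)
        print(f"{label}: total={total:.0f} paying={paying:.0f} "
              f"revenue/hash={rev:.0f} USD/day")
```

In the third scenario the price has fallen by a third, yet total hashrate is higher than in the first, and the remaining paying miners earn far less per unit of hashrate.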

However, it was foreseeable that a CPU-friendly cryptocurrency would sooner or later fall prey to botnets. Some in the Monero community find this offensive because it puts the network in the hands of criminal actors. Others, however, have no problem with the networks of zombie computers: as long as the operators adhere to the rules, they only help to make Monero more secure.

Satoshi Nakamoto has already dealt with this question. A few days after he published his Bitcoin white paper in November 2008, someone raised the criticism that mining would fall into the hands of bad actors. After all, they usually have the greatest computing power. Satoshi replied that this was not a problem in and of itself. “Even if a bad guy overwhelmed the network, he wouldn’t be instantly rich. All he can accomplish is to get back the money that he spent, like bouncing a check. To do that, he has to buy something from a merchant, wait for it to be shipped, then take over the network and try to get his money back. I don’t think he can make as much from it as when he creates bitcoins. With a zombie farm this size, he would generate more bitcoins than everyone else combined. In fact, the bitcoin network could also reduce spam by getting the zombie farms to generate bitcoins instead.”

And something similar is happening right now as Monero malware replaces ransomware. Of course, it’s not exactly nice when your own computer involuntarily has to toil in the Monero mine. But it’s not the worst thing a hacker can do with a botnet.