Cryptocurrency botnets are normally the weapons of evil, used to covertly and illicitly steal other people’s computing power to earn coins. But now there’s a new kid on the block, and it seems to be cleaning up online avenues of crypto-malware.
The botnet, known as Fbot, appears to be hunting down illegitimate cryptocurrency mining malware and erasing it from wherever it is being hosted.
According to Qihoo 360 Netlab, the researchers who discovered the botnet, the bot scans the web for a specific piece of cryptocurrency mining malware called com.ufo.miner. When found, the botnet installs itself over the top of the malware and then destroys itself.
Interestingly, the botnet is linked to a domain name. However, that domain is not accessible through the conventional Domain Name System (DNS). Rather, it is accessed through EmerDNS – a decentralized alternative, which makes it much more difficult to track and possibly shut down the botnet’s source address.
At the time of writing, who exactly made and released this botnet into the wild remains a mystery.
There is the possibility that some rival cryptocurrency miner malware creators are using Fbot to wipe out the competition. Or maybe, there are some good folk still out there looking to make a positive impact and solve a real and growing problem.
Cryptocurrency malware – especially crypto-jacking campaigns – is on the rise. Just this week, numerous government websites in India fell foul of cryptocurrency mining scripts.
We’ll have to wait and see if Fbot turns out to be one of the good guys, or just a baddie in a mask.
Published September 18, 2018 — 14:39 UTC