Skip to main content

A vigilante botnet is taking out crypto-jacking malware

There is a new band of digital vigilantes on the loose and they’re going after mining malware. This isn’t a group of individual hackers though, but a botnet that is being leveraged to take out some of the most pernicious crypto-jacking software in the world. Known as Fbot, the botnet scans websites for a specific piece of mining malware and when it finds it, the botnet takes over the nefarious software and then destroys itself, taking the malware with it.

Crypto-jacking malware has been on the rise over the past couple of years and it even overtook ransomware as a more common attack vector for hackers earlier this year. Typically, the malware is installed via a malicious download or infected website and forces the system it’s attached to mine cryptocurrency. Although not as malicious or as damaging as data theft or encrypting a user’s files, it can wear out hardware by forcing it to run faster and harder than it was designed to do.

Typical anti-malware solutions can help protect against it, but Fbot is going after the source: The sites that distribute this malware in the first place. It specifically targets the crypto-jacking malware known as com.ufo.miner and it’s rather effective at killing it off when it does discover it.

As TheNextWeb explains, the Fbot botnet does appear to be linked to a domain name system, but it uses EmerDNS. That blockchain based DNS is entirely decentralized, so tracking down individual domain name owners isn’t easy. As of now, the creators of Fbot remain as unknown as the developers of the crypto-jacking malware it targets, but their efforts appear admirable.

The researchers who discovered the botnet, Qihoo360Netlab, claim that there appear to be links between this botnet and the Satori botnet which has in the past been used to infect mining hardware. With that in mind, it’s possible that Fbot doesn’t have altruistic aims, but is instead being used to reduce the saturation of the com.ufo.miner in favor of the creator’s own malware.

Regardless of motive though, the end result in the short term is that there should be less crypto-jacking malware to be wary of.

Editors' Recommendations