Skip to main content

A vigilante botnet is taking out crypto-jacking malware

There is a new band of digital vigilantes on the loose and they’re going after mining malware. This isn’t a group of individual hackers though, but a botnet that is being leveraged to take out some of the most pernicious crypto-jacking software in the world. Known as Fbot, the botnet scans websites for a specific piece of mining malware and when it finds it, the botnet takes over the nefarious software and then destroys itself, taking the malware with it.

Crypto-jacking malware has been on the rise over the past couple of years and it even overtook ransomware as a more common attack vector for hackers earlier this year. Typically, the malware is installed via a malicious download or infected website and forces the system it’s attached to mine cryptocurrency. Although not as malicious or as damaging as data theft or encrypting a user’s files, it can wear out hardware by forcing it to run faster and harder than it was designed to do.

Typical anti-malware solutions can help protect against it, but Fbot is going after the source: The sites that distribute this malware in the first place. It specifically targets the crypto-jacking malware known as com.ufo.miner and it’s rather effective at killing it off when it does discover it.

As TheNextWeb explains, the Fbot botnet does appear to be linked to a domain name system, but it uses EmerDNS. That blockchain based DNS is entirely decentralized, so tracking down individual domain name owners isn’t easy. As of now, the creators of Fbot remain as unknown as the developers of the crypto-jacking malware it targets, but their efforts appear admirable.

The researchers who discovered the botnet, Qihoo360Netlab, claim that there appear to be links between this botnet and the Satori botnet which has in the past been used to infect mining hardware. With that in mind, it’s possible that Fbot doesn’t have altruistic aims, but is instead being used to reduce the saturation of the com.ufo.miner in favor of the creator’s own malware.

Regardless of motive though, the end result in the short term is that there should be less crypto-jacking malware to be wary of.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
How Coinbase stopped the Twitter Bitcoin hack from being even worse
twitter and laptop hacked

The hackers behind last week's massive Twitter security breach made off with more than $100,000 through their Bitcoin giveaway scam. But it could have been much worse.

Quick responses from Twitter and Bitcoin exchanges like Coinbase reportedly kept a combined $300,000 away from the hackers' pockets.

Read more
FBI moves in to investigate Twitter’s massive Bitcoin hack
Twitter symbol photo. Credits: Twitter official.

The Federal Bureau of Investigation (FBI) is now examining the major hack that hit Twitter on Wednesday, July 17, in a bid to find out who was behind the incident, the Wall Street Journal reports

Twitter accounts belonging to Barack Obama, Joe Biden, Bill Gates, Elon Musk, and Jeff Bezos, among other high-profile users of the microblogging service, were hit in a scam that involved a fake tweet encouraging followers to send payments to a Bitcoin wallet. It had some success, too, as data on Blockchain.com showed that more than $115,000 via 392 transactions was sent to the Bitcoin wallet posted in the messages.

Read more
Dozens of major Twitter accounts hacked in massive Bitcoin scam
Twitter Bitcoin

Update: Late Wednesday night, Twitter revealed what it knows so far about the hack that targeted dozens of high-profile accounts on its service -- and it isn't much.

Dozens of high-profile Twitter accounts were seemingly hacked in a massive Bitcoin scam on Wednesday afternoon, with each account tweeting out messages offering anyone thousands of dollars worth of cryptocurrency. After more than an hour, the social network disabled tweeting from verified accounts in order to stop the message from spreading.

Read more