Yahoo Ad Malware Was An Attempt To Build A Secret Bitcoin Mining Botnet

from the bitcoin-mining-scams-on-the-rise dept

A decade ago, it was actually fairly common to see various “distributed computing” projects seek to put a variety of people’s computers to use to tackle tough problems — and sometimes those distributed efforts involved clearly revealed and transparent code within other applications. A couple years ago, just as Bitcoin was first starting to get attention, I remember hearing from someone who was talking about trying to build a media player that would look to offer licensed/authorized content in exchange for quietly being a part of a Bitcoin mining effort. Nowadays, it appears that this idea of creating secret distributed Bitcoin mining is taking on a somewhat more questionable reputation. A gaming software company was whacked with a $1 million fine after (the company claims) a “rogue employee” included some Bitcoin mining hidden within their app. There have been accusations that a number of other apps out there are also secretly mining bitcoin.

Just recently, we noted that Yahoo users in Europe were exposed to malicious ads that were downloading malware. It’s now come out that the malware was… Bitcoin mining software, which sought to use some of everyone’s excess computing resources to hunt for more Bitcoin. As “malware” goes, this is actually a lot less damaging than some other stuff out there (keyloggers designed to steal bank info, for example). It likely would bump up electricity bills slightly for some users, and basic PC mining is pretty ineffective, but it’s interesting to see that malware folks are taking such extreme steps to try to build secret Bitcoin mining networks.

Of course, it still seems like doing this kind of thing in an upfront way might be an interesting business model: offer some useful software for free, telling folks very clearly that the “payment” is that they’ll be using some of your spare cycles for mining. Of course, it might be better if this was done for cryptocurrencies that weren’t so damn inefficient with electricity — something like Peercoin instead of Bitcoin, for example. I imagine it’s really only a matter of time. Imagine a Netflix/Hulu competitor that offered you the content for free, in exchange for distributed computing power, paying the licenses out of the proceeds from the mining. It’s not that crazy when you think about it…

Filed Under: , , ,
Companies: yahoo

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Yahoo Ad Malware Was An Attempt To Build A Secret Bitcoin Mining Botnet”

Subscribe: RSS Leave a comment
Ninja (profile) says:

Well, it was a matter of time I guess. I wonder if antivirus software are already adding such things to their lists? The PUP detection abilities are already there for a while now.

Of course, it might be better if this was done for cryptocurrencies that weren’t so damn inefficient with electricity — something like Peercoin instead of Bitcoin, for example.

On a side note, not as related, how many of those digital cryptocurrencies are out there? For the more initiated in economics, isn’t it bad to have a fragmented market?

Anonymous Coward says:

Re: Re: Re:

Any extra malware increases the chance that the whole set is discovered, which reduces the return from the bitcoin mining part. If the mining is profitable enough, it is rational to install only it, to lessen the chance of either discovery or (with more aggressive kinds of malware) actually damaging the system it’s running on.

Anonymous Coward says:

What a useless concept. It would have been cool years ago but now for any SHA256-based currency this is useless, you can’t compete with ASIC miners. Especially since you need the user to have decent hardware and be physically logged in locally for mining to work decently, otherwise you’re stuck using CPU mining which is even more ridiculous for SHA256. You’d literally need millions of computers to compete against a single 1000$ unit… and guess how many of those are out there now.

And yes, even scrypt based mining on CPU is pretty much useless, unless your entire point is to mine at a loss.

So these people had way too much expectations out of their “hidden” miner.

Just Sayin' says:

Not a bad idea

Actually, these guys are onto something. Almost all malware is directed towards accomplishing a secondary goal these days, it’s rarely about just screwing up a computer because you can.

Some are more direct than others, botnets have been created to spam or do to DDoS attacks for a price, and the encode the files on your hard drive ransom ware is just a more direct version.

This bitcoin malware isn’t unique, it’s just that someone figured out that there was a hole to be filled. if you can get a few million computers working for you, even if they aren’t very effecient, and you can mine some decent numbers. With bitcoins at $1000 a pop these days, it could become very profitable.

I wonder if the next one will look for existing mining rigs, mining software, or the like and subvert it? Perhaps looking for bitcoin account numbers to try to transfer funds out of the account.

… and the AC is right, if your system is sensitive to heat, running it really hard for an extended period could harm it, so this isn’t malware without cost or potential pain.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...