Security experts from IBM have discovered that the hackers behind the botnet software ELF Linux / Mirai have brought a new trick to their product: A variant of the Mirai malware now contains a module that infects devices to the Bitcoin- Mining.
The IBM Security team has also noticed a major activity peak of this new Mirai variant between 24 and 27 March.
The main task of Mirai is to search on the Internet independently for IoT devices, which can be addressed and infected via the Telnet protocol. This is about devices that use a Linux variant called BusyBox. This operating system is particularly widespread in digital video recorders, but other IoT devices such as routers, VoIP telephones, smart TVs, industrial control systems and many other devices may also be at risk.
Mirai also includes modules that can be used to force infected devices to perform certain activities, such as DDoS attacks.
The installation of the new component for bitcoin mining by the hackers could be just a stupid idea. In order to successfully test bitcoins, one needs above all one thing: much (nowadays a lot) calculating power.
This is exactly what individual IoT devices do not. So you have to let them work together. But even this does not necessarily seem promising. Ten to a hundred thousand devices in a Mirai botnet can drive together the most massive DDoS attacks. However, it seems to be very questionable whether they can be spanned efficiently enough to act as a kind of peer-to-peer computer network against the supercomputer-like server farms of the serious bitcoin miners in Asia.
In addition, if the CPU of an IoT device is loaded by Bitcoin Mining, the owner is much more likely to be involved than when used for DDoS attacks.
The Bitcoin News