Yahoo! Spread Bitcoin Mining Botnet Malware Via Ads



Bitcoin and other cryptocurrencies are pretty much headline news every day now, especially with the inflated values (Bitcoin over $1000 recently). We haven’t mentioned them for a long time though, back in 2012 we wrote about Hackers breaking into a Bitcoin Exchange Site called Bitcoinica.

There have been plenty of Bitcoin related hacks since then, mostly targeting exchanges, but there have been some other interesting developments like these so called bitnets, which are basically Bitcoin Mining malware botnets.

The most recent news is that Yahoo! recently served up some adverts which contained malware; the intent of the malware was to create a Bitcoin mining botnet.

Yahoo confirmed that for a four-day period in January, malware was served in ads on its homepage. Experts estimate that as many as two million European users could have been hit. Security firm Light Cyber said the malware was intended to create a huge network of Bitcoin mining machines.

“The malware writers put a lot of effort into making it as efficient as possible to utilise the computing power in the best way,” Light Cyber’s founder Giora Engel told the BBC.

Bitcoin mining malware is designed to steal computing power to make it easier for criminals to accumulate the virtual currency with little effort on their part.

“Generating bitcoins is basically guessing numbers,” said Amichai Shulman, chief technology officer of security firm Imperva. “The first one to guess the right number gets 25 bitcoins and if you have a large volume of computers guessing in a co-ordinated way then you have a more efficient way of making money,” he added.
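To make the “guessing numbers” description concrete, here is an added example (not from the BBC article or any of the firms quoted) of a hashcash-style proof-of-work search: a nonce is appended to a constructed block header, the result is double-SHA-256 hashed, and a guess is accepted when the digest has at least the required number of leading zero bits. The expected number of guesses doubles with every extra bit of difficulty, which is what makes a lone CPU so slow at it and why the quoted experts describe a botnet as a way of pooling guesses.

```python
import hashlib
import struct


def double_sha256(data: bytes) -> bytes:
    """Bitcoin-style hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Count how many leading bits of the digest are zero."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mine(header: bytes, difficulty_bits: int, max_nonce: int = 2**32):
    """Try nonces in order until header||nonce hashes below the target.

    Returns (nonce, attempts). On average about 2**difficulty_bits guesses
    are needed, so each extra bit doubles the work.
    """
    for nonce in range(max_nonce):
        digest = double_sha256(header + struct.pack("<I", nonce))
        if leading_zero_bits(digest) >= difficulty_bits:
            return nonce, nonce + 1
    raise RuntimeError("no valid nonce found in range")


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one hash, regardless of difficulty."""
    digest = double_sha256(header + struct.pack("<I", nonce))
    return leading_zero_bits(digest) >= difficulty_bits


if __name__ == "__main__":
    # Constructed placeholder header; a real Bitcoin header is 80 bytes of
    # version, previous block hash, merkle root, timestamp and target.
    header = b"constructed-block-header"
    for bits in (8, 12, 16):
        nonce, attempts = mine(header, bits)
        print(f"{bits} bits: nonce {nonce} after {attempts} guesses "
              f"(expected about {2**bits})")
```

Real Bitcoin compares the digest against a 256-bit target rather than counting zero bits, but the shape of the search is the same: every guess is a hash, and only the lucky guess is worth anything.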

Other than a computer running slower, victims will be unaware that their machine is being used in what could become known as a “bitnet”. It is a variation on the traditional botnet, networks of malware-infected computers used to churn out spam or bombard websites with requests in order to knock them offline. Some experts estimate that such networks could be generating as much as $100,000 (£60,000) each day.

If the estimates are true, then whoever wrote this malware and managed to get it onto the Yahoo! frontpage could be minting money – $100,000 a day! That’s 3 million bucks a month, certainly no chump change.

I’d be interested to know more though, as CPU mining for Bitcoin is incredibly inefficient – so I wonder if this malware also harnesses GPU mining – which, whilst it can’t be compared to ASIC miners, still has a decent amount of grunt.


Yahoo acknowledged the attack in a statement earlier this week.

“From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines – specifically, they spread malware,” the statement read.

It went on to say that users in America, Asia and Latin America weren’t affected but did not specify how many European users were victims. Fox IT, the Dutch cybersecurity firm which revealed the malware attack, estimates that there were around 27,000 infections every hour the malware was live on the site. Over the period of the attack that could mean as many as two million machines were infected. Such attacks may be hard to avoid, said Mr Shulman.

“For an ad platform it is virtually impossible to guarantee 100% malware free ads. There are many independent stakeholders involved in the process of web advertising, so from time to time any ad platform is bound to deliver malware.”

It’s a pretty scary thought that no ad platform can be malware free, but honestly I’ve never experienced Google Adsense serving any kind of malware – although when I’m browsing on mobile lately I’ve had a lot of sites trying to push random .apk files to me.

It seems like it was only regional as well, with European users being targeted (perhaps due to the advert geo-targeting) – but with up to 2 million people infected, that’s a fairly decent sized Bitcoin mining botnet.

Source: BBC News
