Cyber security specialists have discovered a botnet, which destroys scripts for covert mining. Usually these programs are used for hacker attacks.
Botnet found and analyzed team Qihii 360Netlab. Fbot based on the program Mirai, which is used for DDoS attacks. However, he does not commit any illegal actions: a module for inactive attacks, instead it has a search function FOR devices for cryptocurrency mining.
The program is aimed at finding malicious script com.ufo.miner is a kind of miner ADB.Miner for mining Monero on devices with Android operating system. Fbot scans the network, spread through open ports. When it finds malware that is installed on top and remove it, then the botnet self-destructs. It is difficult to track because the program uses the standard domain name system, and its decentralized alternative EmerDNS.
Why is it important
- By whom and for what purpose linked to the first “good” botnet, is unclear. There is a version that thus, the producers of malware can eliminate the competition. Cybersecurity experts said the importance of the fact that it uses EmerDNS. This means that security systems must transcend to a new level. Until they can track only those malware that use traditional DNS names.
Subscribe to our Telegram channel Insider.Pro News and stay up to date with the latest news in the world of cryptocurrency.