Naive IoT botnet wastes its time mining cryptocurrency

Image: Peter Kruse

Security researchers from Romanian antivirus vendor Bitdefender have discovered a botnet that infects home routers and other Internet of Things (IoT) smart devices and then attempts to mine for cryptocurrency.

This marks the third such IoT botnet that wastes its time by attempting to mine cryptocurrency on devices that clearly don’t support these types of operations.

Short history of LiquorBot

Named LiquorBot, the botnet was first spotted in May 2019, according to a report Bitdefender published yesterday.

The botnet is nothing special in terms of technical capabilities. It works just like any other IoT botnet that’s been documented over the past few years. Below is a short summary of LiquorBot’s features:

  • Uses the following exploits to infect routers and smart devices (mostly routers): CVE-2015-2051, CVE-2016-1555, CVE-2016-6277, CVE-2018-17173, CVE-2017-6884, CVE-2018-10562, CVE-2017-6077, CVE-2017-6334, CVE-2016-5679, CVE-2018-9285, CVE-2013-3568, CVE-2019-12780
  • Uses a list of 82 username-password combinations to brute-force the SSH service of smart devices on which the default password has not been changed
  • Can infect devices running on CPU architectures like ARM, ARM64, x86, x64, and MIPS
  • Is controlled from a web-based command and control (C&C) server

About the only novel detail about LiquorBot is the fact that the malware is a version of the Mirai strain rewritten in the Go programming language — but that’s about it.

Wasting its time

Most IoT botnets today usually appear and disappear within weeks or months. LiquorBot is a strange case because it remained active throughout all 2019.

Bitdefender says the malware often received updates, usually in the form of new exploits. The most interesting update was, however, recorded in October.

Source Link