Cryptomining Campaign Unleashes Modified Mirai Botnet


Cryptocurrency Fraud, Endpoint Security, Fraud Management & Cybercrime

Latest Campaign Injects Song Lyrics and Other ‘Immature’ Elements Into Its Code

A quirky Mirai botnet variant is dropping cryptomining malware. (Image: Shutterstock)

A new cryptomining campaign uses a quirkily customized Mirai botnet to spread cryptomining malware designed to hide the digital wallet that collects the ill-gotten gains.


Security researchers at Akamai dubbed the Mirai variation NoaBot and said that it uses a unique SSH scanner but also exhibits an unexpected touch of immaturity.

Mirai is a wormable botnet infamous for targeting Linux-based IoT devices. Numerous versions of Mirai are in the wild thanks to an anonymous coder who leaked source code online before its three original authors pleaded guilty in 2017.

Akamai researchers first spotted NoaBot in early 2023. They also identified a link between NoaBot and the P2PInfect worm, discovered in July 2023 by Unit 42.

Unlike the original Mirai, NoaBot spreads malware through the Secure Shell (SSH) protocol, not Telnet. The SSH scanner “seems to be custom made, and quite peculiar,” Akamai wrote. Once it establishes a connection, it sends the string “hi.” It makes sense to establish and quickly terminate a connection from an infected system. “Hi” is not a valid SSH packet, so Wireshark marks it as malformed.
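A defender-side check for the behaviour described above, as an added example that is not from Akamai or this article: it classifies the first bytes a client sends on an SSH port against the RFC 4253 identification-string format and groups sources that open with “hi” or other non-SSH data. The event tuples, class labels and sample addresses are constructed assumptions.

```python
import re
from collections import Counter

# RFC 4253 section 4.2: a client must open with
# "SSH-protoversion-softwareversion[ SP comments] CR LF", at most 255 bytes.
# softwareversion is printable US-ASCII without whitespace or '-'.
SSH_IDENT = re.compile(rb"^SSH-[0-9.]+-[\x21-\x2c\x2e-\x7e]+( [\x20-\x7e]*)?\r?\n")


def classify_first_payload(payload: bytes) -> str:
    """Classify the first bytes a client sent after the TCP handshake on an SSH port."""
    if not payload:
        return "empty"       # connect-and-close port check, nothing sent
    if SSH_IDENT.match(payload) and payload.index(b"\n") < 255:
        return "ssh_ident"   # well-formed identification string
    if payload.strip() == b"hi":
        return "hi_probe"    # the string the article says the scanner sends
    return "malformed"       # anything else a dissector would reject


def summarize(events):
    """events: iterable of (src_ip, first_payload) pairs (hypothetical log shape).

    Returns {src_ip: Counter(label -> count)} for sources whose opening
    bytes were not a valid SSH identification string.
    """
    hits = {}
    for src, payload in events:
        label = classify_first_payload(payload)
        if label in ("hi_probe", "malformed"):
            hits.setdefault(src, Counter())[label] += 1
    return hits


# Constructed sample using documentation address ranges, not real telemetry.
SAMPLE = [
    ("192.0.2.10", b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("198.51.100.7", b"hi"),
    ("198.51.100.7", b"hi"),
    ("203.0.113.5", b"GET / HTTP/1.1\r\n"),
    ("192.0.2.44", b""),
]

if __name__ == "__main__":
    for src, counts in summarize(SAMPLE).items():
        print(src, dict(counts))
```

The first payload per connection can come from a packet capture or a honeypot listener; a repeated `hi_probe` from one source is a stronger signal than a single malformed opener.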

“Why does it bother sending ‘hi,’ though? That’s a mystery,” Akamai…
