Cryptocurrency botnets are typically malicious and illegal: they steal the computing power of infected devices to mine cryptocurrency. Security researchers have now discovered a new botnet that reportedly doesn't pose a threat to any network. Instead, it seeks out a particular type of crypto-mining malware and eliminates it.
The revolutionary botnet is known as fbot. It is a variant of Satori, which is itself based on Mirai, a program usually used to conduct DDoS attacks. The DDoS module has evidently been deactivated, and fbot now looks for devices that have been infected by a particular crypto-jacking malware and replaces that malware on the system.
Qihoo 360Netlab discovered fbot, and its researchers revealed that the bot is designed to scan the web for a particular type of crypto-mining malware named com.ufo.miner. Once the bot finds the malware, it installs itself over the malware and eventually destroys it.
The botnet has been linked to a domain name, but that domain name isn't accessible via the conventional Domain Name System (DNS). fbot's domain name can be resolved via EmerDNS, which is a decentralized alternative to DNS. The downside is that this makes it quite tough to track the crypto-mining malware and to shut down the botnet's source address.
The researchers said: “The choice of fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet (security systems will fail if they only look for traditional DNS names).”
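The monitoring gap the researchers describe can be narrowed by looking for lookups of EmerDNS names in resolver logs. The following is an added example, not code from Netlab or from the article: it assumes dnsmasq-style query logging, the EmerDNS zones `.coin`, `.emc`, `.lib` and `.bazar`, and a constructed sample log with placeholder domain names.

```python
import re
from collections import defaultdict

# Zones served by EmerDNS rather than the ICANN root (assumption: the
# standard EmerDNS zone set; adjust if your threat intel lists others).
EMERDNS_ZONES = {"coin", "emc", "lib", "bazar"}

# dnsmasq-style query line: "... query[A] <name> from <client>"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

# Constructed sample log; names and addresses are placeholders.
SAMPLE_LOG = """\
Sep 14 10:02:11 dnsmasq[812]: query[A] www.example.com from 10.0.0.5
Sep 14 10:02:13 dnsmasq[812]: query[A] placeholder-c2.lib from 10.0.0.23
Sep 14 10:02:13 dnsmasq[812]: reply www.example.com is 192.0.2.10
Sep 14 10:02:19 dnsmasq[812]: query[AAAA] Placeholder-C2.LIB. from 10.0.0.23
Sep 14 10:02:40 dnsmasq[812]: query[A] lib.example.org from 10.0.0.7
Sep 14 10:03:02 dnsmasq[812]: query[A] shop.placeholder.bazar from 10.0.0.42
"""


def emerdns_zone(name):
    """Return the EmerDNS zone a query name falls under, or None."""
    labels = name.rstrip(".").lower().split(".")
    tld = labels[-1]
    # Require at least two labels so a bare word such as "lib" is ignored.
    return tld if len(labels) > 1 and tld in EMERDNS_ZONES else None


def find_emerdns_lookups(log_text):
    """Map each client address to the sorted EmerDNS names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if match is None:
            continue  # replies, cache hits and other non-query lines
        if emerdns_zone(match["name"]):
            # Normalise case and trailing dot so repeats collapse to one name.
            hits[match["client"]].add(match["name"].rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in sorted(find_emerdns_lookups(SAMPLE_LOG).items()):
        print(f"{client} queried EmerDNS names: {', '.join(names)}")
```

This only sees queries that reach a resolver you log. A device that sends its lookups straight to an external EmerDNS-capable resolver has to be caught with network-level DNS capture instead.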
It has not yet been confirmed whether fbot was created to bring about positive changes in the crypto-mining space or whether it was released by a competitor that plans to eliminate its competition entirely.