New commercially available DIY invisible Bitcoin miner spotted in the wild

New commercially available DIY invisible Bitcoin miner spotted in the wild

by | May 22, 2013 | Industry Intel, Threat Lab

Reading Time: ~ 3 min.

By Dancho Danchev

Just as we anticipated in our previous analysis of a commercially available Bitcoin miner, cybercriminals continue “innovating” on this front by releasing more advanced and customizable invisible Bitcoin miners for fellow cybercriminals to take advantage of.

In this post, we’ll profile yet another invisible Bitcoin miner, once again available for purchase on the international cybercrime-friendly marketplace, emphasize on its key differentiation features, as well as provide MD5s of known miner variants.

More details:

Sample screenshot of the advertisement for the invisible Bitcoin miner:

Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price_02

Second screenshot of the advertisement for the invisible Bitcoin miner:

Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price

Sample screenshot of the DIY builder:

Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price_01

Some of the features include auto-starting capabilities, polymorphism, utilization of 15 pre-defined Bitcoin pools, the ability to kill competing Bitcoin miners, complete pseudo-randomization of multiple variables, as well as support for Socks proxy servers, allowing the cybercriminals behind it to add additional layers of anonymity to their campaigns.

The price for the builder, allowing a potential customer to generate unlimited number of builds, is $19.99, with the seller accepting Liberty Reserve, PayPal, and ironically, Bitcoin.

Sample screenshots provided by happy customers of the Bitcoin miner, proving that it works:

Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price_03 Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price_04 Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price_05 Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price_06 Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price_07 Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price_08 Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price_09 Invisible_BitCoin_Miner_Commercial_Buy_Purchase_Price_10

MD5s for known samples of this invisible Bitcoin miner:
MD5: b1d53fd86e56b3d6601edfed996f45f8
MD5: 3475dabb9c79a0059e2468332a1d0382
MD5: 432a139b85a1c68b54a8d89fdb79d79c
MD5: a9aa5523e9d2a0be7059891804e13667

Due to its commercial availability on the international cybercrime-friendly marketplace, we expect that this invisible Bitcoin miner will continue gaining marker share which in combination with its distinct set of features, in particular the Bitcoin miner killing feature, will inevitably result in systematic abuse on behalf of its customers.

Webroot SecureAnywhere users are proactively protected from these threats.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

1 Comment

  1. William M Lolli
    William M Lolli on May 23, 2013 at 4:50 pm

    I am a webroot partner here in San Diego and can help you get subscriptions to any of the Webroot line of Cloud-based security products. Contracts and minimum requirements for annual subscriptions do apply, but you can inquire for a quote. Contact me wlolli at techassistinc dot com for more information. I am a Litecoin miner myself and I have BFL SC units on pre-order– just like many of you. Believe me– you will need cloud based proxy protection for your rigs.

Trackbacks/Pingbacks

  1. Malware verwandelt PC in Bitcoin-Produzenten - TechNet Blog Deutschland - Site Home - TechNet Blogs - […] sogar einen Update-Dienst, mit dem die Malware einer Entdeckung entgehen soll. Kurz darauf ist eine zweite Version der Malware…
Share This