Bitcoin Mining Malware
Computer security is becoming a staple of headlines around the world. Snowden’s disclosures have dramatically increased the public’s awareness of such issues. The damage from such sprawling breaches as Heartbleed will likely take years to repair. The subject is naturally of particular interest to Bitcoiners, whose fortunes are only as secure as their devices.
Chicago-based hosting company SingleHop provide dedicated or cloud servers and managed hosting services. In 2011, they were named as America’s 25th fastest growing company.
Once the malware was detected, SingleHop took prompt action to scan all their servers and clean those found to be infected.
In their advisory email, SingleHop describe this as a growing problem around the web, referencing similar attacks experienced by Iowa State University and Amazon Web Services.
Infosec experts at professional services firm Ernst & Young are of the opinion that Bitcoin’s dramatic price appreciation is spurring further such attacks. Speaking in late 2013, EY’s assistant director of fraud investigation and dispute services, Matthew Rees, was quoted as saying:
“I would strongly expect there to be more of this kind of thing happening in the future simply because Bitcoin is so much in the news now.
Bitcoin is a very interesting technology that may well open up whole new avenues of trading, of people being able to use micro-payments. But that’s not what’s in the press at the moment, it’s that these things have rocketed in value from virtually nothing a year ago to US $1,000 a piece now. So there’s advantage being taken of that noise.”
SingleHop describe immunization actions taken after affected services were cleaned as follows:
“SingleHop engineers have implemented basic security measures to prevent re-infection by the malware on your server, including resetting the server(s) root and/or administrator password. In the coming days, your account manager will reach out to you with additional information that becomes available during our investigation, and to discuss additional steps that you can take to secure your servers and data.”
Speculation on my part: the above is suggestive of a Heartbleed attack in which the login details of administrators were captured and used to access servers to covertly install the malware. In other words, it’s hard to blame SingleHop for falling to an exploit which the NSA were more interested in exploiting than reporting or fixing.
My source for this story remarks that all SingleHop users seemed to be affected, but this has not yet been confirmed. CCN is currently awaiting further comment from SingleHop.
In a less consequential version of this Bitcoin mining malware story, it was reported nearly three weeks ago by The Register that “Dimwit hackers use security camera DVRs as SUPER-SLOW Bitcoin-mining rig[s].” This is another instance of incredibly slow hackers, or incomplete information from SingleHop. CPU cycles spent on Bitcoin mining are all but wasted given a CPU’s low hashrate when compared with an ASIC, which the majority of the network is comprised of.
These stories of CPU cycles on computers and mobile phones being used for Bitcoin mining only serve to distract the general media from actual events in the Bitcoin world. Please comment below if your SingleHop server has been reset due to this malware.
Last modified: January 3, 2020 3:10 PM UTC