Cybersecurity researchers have described two new methods that can be used to disrupt cryptocurrency mining botnets.
The methods take advantage of the design of various common mining topologies to shut down the mining process, Akamai said in a new report published today.
“We have developed two methods using mining tags and policies in the pool that allow us to reduce a cryptominer botnet’s efficiency to the point of fully closing it, which causes the attacker to make radical changes to their infrastructure or even refuse,” Akamai noted.
The methods, the web infrastructure company said, depend on exploiting the Stratum mining protocol in such a way that the attacker's mining proxy or wallet gets banned, which effectively disrupts the operation.
The first of the two approaches, called bad shares, entails getting the mining proxy banned from the network, which, in turn, shuts down the entire operation and causes the victim's CPU usage to fall from 100% to 0%.
While a mining proxy acts as an intermediary and shields the attacker's mining pool and, by extension, their wallet, it also becomes a single point of failure once its regular function is interfered with.
“The idea is simple: by connecting to a malicious proxy as a miner, we can present false mining work results – bad shares – which will bypass proxies and will be presented in the pool,” Dahan explained. “Consistent bad shares will eventually be banned by proxy, effectively stopping mining operations for the entire criminal botnet.”
This, in turn, entails using a purpose-built tool called XMRogue to impersonate a miner, connect to the mining proxy, submit consecutive bad shares, and eventually get the proxy banned from the pool.
The second method devised by Akamai applies when the victim's miner connects directly to a public pool without a proxy. It relies on the fact that the pool can ban a wallet address for one hour if it has more than 1000 workers.
In other words, initiating more than 1000 login requests simultaneously using the attacker's wallet will force the pool to ban the attacker's wallet. However, it should be noted that this is not a permanent solution, as the account can recover as soon as the multiple connections are stopped.
Akamai noted that while the aforementioned methods were used to target Monero miners, they may be extended to other cryptocurrencies.
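The two pool-side policies described above can be modelled in a few lines to show why a proxy is a single point of failure and why the wallet ban is only temporary. This is an added illustration, not code from Akamai or from any mining pool; the class and function names, the bad-share threshold of 5, and the sample proxy and wallet values are assumptions, while the 1000-worker limit and the one-hour ban come from the article.

```python
WORKER_LIMIT = 1000         # from the article: wallet banned above 1000 workers
WALLET_BAN_SECONDS = 3600   # from the article: the ban lasts one hour
BAD_SHARE_LIMIT = 5         # assumption: the article gives no threshold

class PoolPolicy:
    """Toy model of the two pool-side ban policies (not a real pool's code)."""
    def __init__(self):
        self.workers = {}            # wallet -> set of active worker ids
        self.wallet_ban_until = {}   # wallet -> time the ban expires
        self.bad_streak = {}         # source address -> consecutive bad shares
        self.banned_sources = set()

    def login(self, wallet, worker_id, now):
        if now < self.wallet_ban_until.get(wallet, 0):
            return False
        active = self.workers.setdefault(wallet, set())
        active.add(worker_id)
        if len(active) > WORKER_LIMIT:
            self.wallet_ban_until[wallet] = now + WALLET_BAN_SECONDS
            active.clear()           # every session for the wallet is dropped
            return False
        return True

    def submit_share(self, source, valid):
        if source in self.banned_sources:
            return False
        streak = 0 if valid else self.bad_streak.get(source, 0) + 1
        self.bad_streak[source] = streak
        if streak >= BAD_SHARE_LIMIT:
            self.banned_sources.add(source)
        return valid

def proxy_scenario():
    """All bots behind a proxy reach the pool from the proxy's one address."""
    pool, proxy = PoolPolicy(), "proxy.example"        # constructed name
    before = pool.submit_share(proxy, valid=True)
    for _ in range(BAD_SHARE_LIMIT):
        pool.submit_share(proxy, valid=False)
    after = pool.submit_share(proxy, valid=True)       # a bot's honest share
    return before, after

def wallet_scenario():
    """Direct-to-pool case: the ban follows the wallet, then expires."""
    pool, wallet = PoolPolicy(), "WALLET_PLACEHOLDER"  # constructed value
    ok = sum(pool.login(wallet, i, now=0) for i in range(WORKER_LIMIT + 1))
    during = pool.login(wallet, "bot-1", now=1800)
    after = pool.login(wallet, "bot-1", now=WALLET_BAN_SECONDS)
    return ok, during, after
```

In the proxy case, honest shares relayed after the ban are rejected because they arrive from the same banned source. In the wallet case, logins fail during the hour and succeed again once it has passed.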
“The above methods show how defenders can effectively stop malicious cryptominer campaigns without breaking the legitimate work in the pool, using the policy in the pool,” Dahan said.
“The legitimate miner will be able to recover quickly after this type of attack, as they can easily change their IP or wallet at the local level. This task will be much more complicated for a malicious cryptominer, as it will require changing the botnet.”