McAfee Report: 'Futile' Mining Botnets Are Going Mainstream

Security firm McAfee has issued its latest quarterly report, which focuses on emerging threats such as cryptocurrency mining botnets.

Jun 24, 2014 at 2:26 p.m. UTC
Updated Feb 21, 2023 at 1:11 p.m. UTC

Security firm McAfee has issued its latest quarterly threat report, focusing on a wide range of emerging technology security risks, including mobile malware disseminated by Flappy Bird clones and dangerous rootkits.

The June 2014 edition of the McAfee Labs Threats Report is the first time McAfee has taken an in-depth look at cryptocurrency mining botnets.

McAfee reports seeing numerous botnets with various levels of mining functionality, but goes on to say that, even if the cost of power and hardware is taken out of the equation, mining major cryptocurrencies on infected PCs simply isn’t a worthwhile pursuit and is already effectively obsolete:

“The difficulty level of common mining algorithms and the nonspecialized hardware that the malware infects make this a futile effort.”

Hard to hide

A further concern for these bad actors is that mining is so hardware intensive that it is relatively easy to spot by the owners of the infected PCs and results in high botnet attrition. CoinDesk examined this aspect of the issue after reports of a botnet designed specifically to target powerful gaming PCs emerged last month.

To get around the problem, malware developers have more recently integrated 'throttling' functionality, which keeps the CPU/GPU cool and effectively puts such attacks into stealth mode.

However, throttling comes with the disadvantage that it reduces the overall performance of the botnet, as well as the host PCs.

None of this has stopped malware developers, of course, and now, rather than operate the botnets themselves, they are selling or leasing their botnets and services to poorly informed cyber criminals.

"In essence, botnet sellers are selling snake oil when they say that buyers can profitably mine virtual currencies," says McAfee.

Mining malware markets

The report states that mining malware is abundant and relatively cheap to hire, with prices for some services starting at just $10 a month.

"Spend some time digging around any underground security forum or marketplace and you will find a myriad of SHA-256 and scrypt miner botnets, builders, and cracked versions of commercial builders and kits, along with the usual assortment of DDoS bots, cryptors, and other nefarious services and tools [...] These are just a tiny fraction of what exists," McAfee says.

McAfee crunched some numbers and concluded that botnet operators don’t stand to earn much, especially if they are trying to mine bitcoin. Even botnets engaged in mining scrypt altcoins suffer from similar problems.

are even worse, as smartphones and tablets feature much slower CPUs and GPUs than desktop systems, being based on x86 processors and mainstream discrete GPUs.

McAfee spells out the likely returns for operators, stating:

"In a hypothetical example of a 10,000-device botnet, profit without mining is US$11,000.00 while profit with mining is US$11,007.61—just a US$7.61 gain. This assumes an unrealistic attrition rate of 0.25%. A realistic attrition rate of 30% would result in a loss of US$3,265 in potential profit."

Unprofitable but popular

The company explained that illicit mining via botnets has moved into the mainstream, due to the fact that mining is now bundled in many toolkits and builders across multiple platforms used by malware developers. Whether or not developers choose to enable mining functionality is up to them.

"However, there is a great deal of doubt around the profitability of this practice given the resource requirements of the mining algorithms. Nonetheless, the nefarious malware sellers seem to have plenty of motivation to squeeze every possible ounce of profit out of their efforts," McAfee concluded.

One can safely assume that botnet operators are more technology savvy than the average person, but judging by the tone of McAfee’s report, it seems many of them could still use a lesson or two in cryptocurrency mining and economics.
