Malware Uses Victims’ Machines to Mine Bitcoin Until Ransom is Paid

Nermin Hajdarbegovic
Feb 10, 2014 at 18:28 UTC

A new Trojan has been discovered by Emsisoft, producer of PC security software. This is no garden-variety Trojan, however, it is a curious hybrid of bitcoin-mining malware and ransomware.

Whereas most ransomware directly attacks your PC or encrypts files stored on its drives, ‘Trojan-Ransom.Win32.Linkup’ blocks internet access by modifying your DNS and turns your computer into a bitcoin-mining bot at the same time.

Luckily, it shouldn’t be hard to spot when your system has been infected. ‘Linkup’ blocks all internet access bar a bogus Council of Europe website, which will demand personal information and a ‘payment method’ (read ‘ransom’) to unblock your access. Needless to say the Council of Europe has absolutely nothing to do with your internet access and you should not pay anything or enter personal details to regain your service.

In addition to messing around with the DNS, Linkup can also link up to a remote server and pressgang your PC into service as a bitcoin-mining bot. This is carried out via a downloader called ‘pts2.exe’, which extracts a second file, named ‘j.exe’, onto your computer. This is, in fact, a popular piece of mining software called ‘jhProtominer’.

The damage that is likely to be inflicted by the Trojan is limited. jhProtominer only works on 64-bit operating systems, but, even so, that still leaves plenty of computers around the globe to infect.

Malware losing the mining battle

Emsisoft says it will keep a close eye on Linkup as it evolves. Since it is an unusual mix of ransomware and bitcoin-mining malware, it is in a class of its own. Luckily the company has already come up with a way of detecting Linkup and says that the Trojan should not be too dangerous, provided it does not metamorphose into something more sophisticated.

Bitcoin-mining malware is becoming increasingly common, but developers of these malicious programs are actually fighting a losing battle. As bitcoin’s hash difficulty goes up, the mining power achievable with hijacking standard PCs decreases exponentially.

Furthermore, security firms are starting to take notice of the new trend in malware, and just a few weeks ago Microsoft helped destroy the Sefnit botnet, which was also stealing bitcoin mining capacity from people’s PCs. Several other illicit bitcoin mining operations have recently gone the same way.

Malware image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.