Security firm McAfee has issued its latest quarterly threat report, focusing on a wide range of emerging technology security risks, including mobile malware disseminated by Flappy Bird clones and dangerous rootkits.
The June 2014 edition of the McAfee Labs Threats Report is the first time McAfee has taken an in-depth look at cryptocurrency mining botnets.
McAfee reports seeing numerous botnets with various levels of mining functionality, but goes on to say that, even if the cost of power and hardware is taken out of the equation, mining major cryptocurrencies on infected PCs simply isn’t a worthwhile pursuit and is already effectively obsolete:
“The difficulty level of common mining algorithms and the nonspecialized hardware that the malware infects make this a futile effort.”
Hard to hide
A further concern for these bad actors is that mining is so hardware intensive that it is relatively easy to spot by the owners of the infected PCs and results in high botnet attrition. CoinDesk examined this aspect of the issue after reports of a botnet designed specifically to target powerful gaming PCs emerged last month.
To get around the problem, malware developers have more recently integrated 'throttling' functionality, which keeps the CPU/GPU cool and effectively puts such attacks into stealth mode.
However, throttling comes with the disadvantage that it reduces the overall performance of the botnet, as well as the host PCs.
None of this has stopped malware developers, of course, and now, rather than operate the botnets themselves, they are selling or leasing their botnets and services to poorly informed cyber criminals.
"In essence, botnet sellers are selling snake oil when they say that buyers can profitably mine virtual currencies," says McAfee.
Mining malware markets
The report states that mining malware is abundant and relatively cheap to hire, with prices for some services starting at just $10 a month.
"Spend some time digging around any underground security forum or marketplace and you will find a myriad of SHA-256 and scrypt miner botnets, builders, and cracked versions of commercial builders and kits, along with the usual assortment of DDoS bots, cryptors, and other nefarious services and tools [...] These are just a tiny fraction of what exists," McAfee says.
McAfee crunched some numbers and concluded that botnet operators don’t stand to earn much, especially if they are trying to mine bitcoin. Even botnets engaged in mining scrypt altcoins suffer from similar problems.
Mobile mining botnets are even worse, as smartphones and tablets feature much slower CPUs and GPUs than desktop systems, being based on x86 processors and mainstream discrete GPUs.
McAfee spells out the likely returns for operators, stating:
"In a hypothetical example of a 10,000-device botnet, profit without mining is US$11,000.00 while profit with mining is US$11,007.61—just a US$7.61 gain. This assumes an unrealistic attrition rate of 0.25%. A realistic attrition rate of 30% would result in a loss of US$3,265 in potential profit."
Unprofitable but popular
The company explained that illicit mining via botnets has moved into the mainstream, due to the fact that mining is now bundled in many toolkits and builders across multiple platforms used by malware developers. Whether or not developers choose to enable mining functionality is up to them.
"However, there is a great deal of doubt around the profitability of this practice given the resource requirements of the mining algorithms. Nonetheless, the nefarious malware sellers seem to have plenty of motivation to squeeze every possible ounce of profit out of their efforts," McAfee concluded.
One can safely assume that botnet operators are more technology savvy than the average person, but judging by the tone of McAfee’s report, it seems many of them could still use a lesson or two in cryptocurrency mining and economics.