Hackers may have started employing a clever tactic in an effort to enlist powerful PCs into cryptocurrency mining botnets.
According to GameCrastinate, a game torrent is installing bitcoin mining malware on the computers of thousands of unsuspecting users. The torrent in question is Watch Dogs, an upcoming AAA title from Ubisoft, which is scheduled to officially launch tomorrow, 27th May.
However, the reports have been questioned by some gamers who claim that they downloaded the same torrent – with no bitcoin mining malware in tow. Of course, this does not mean that the torrent is safe, as some users may have evaded infection through other means.
If it is true, the new approach is a clever one, as it makes life easier for botnet operators on more than one level.
Quality vs quantity
Botnets are supposed to be big, the bigger the better. However, this rule does not always apply to mining botnets.
Infecting an ancient PC with integrated graphics is pointless and to some extent counterproductive. However, gaming PCs powered by high-end graphics cards make a lot more sense – AMD Radeons based on Tahiti and Hawaii GPUs, such as the Radeon R9 290, R9 280 and HD 7900 series, remain a popular choice for many altcoin miners out there.
Nobody would try to download, install and run a demanding game like Watch Dogs on sub-par hardware, so in theory this approach could give the attacker access to a limited pool of PCs, but practically every one of them would have a powerful GPU.
Furthermore, a smaller botnet is harder to detect, and just a few dozen gaming rigs can mine more altcoins than hundreds of antiquated office boxes.
AMD’s market share in the discrete graphics market hovers around 33%, with Nvidia accounting for the rest. In other words, one in three gaming PCs is equipped with a relatively powerful Radeon card, making these a viable mining platform for altcoins based on the scrypt algorithm, such as litecoin and dogecoin.
Pitfalls to the scheme
Using torrented games to spread mining malware makes sense, as it allows the attacker to specifically target PCs capable of delivering a lot of parallel computing performance. Using an unreleased title is a clever choice too, as torrents of unreleased builds tend to be unstable and exhibit performance issues, so the added load of GPU mining could be hidden to some extent.
There are a few problems though. PC gamers are hardware enthusiasts and most of them would notice the telltale signs of mining with relative ease. For example, high-end graphics cards are inaudible in 2D mode, but when they are placed under load, they can be anything but silent, as they ship with one to three fans that throttle up as the GPU starts crunching numbers.
Such an attack should be easily detected and, since it would be associated with a single source in the form of a torrent file, the infected torrent would be easy to trace and eliminate.