
Crypto Mining Botnet via Phishing

Key Points

  • The speaker outlines a malicious plan to build a crypto‑mining botnet by infecting other people’s computers, emphasizing that a network of compromised machines is far more efficient than a single system.
  • He targets engineering students who are likely gamers with powerful GPUs, using publicly available botnet code from GitHub labeled “educational purposes.”
  • The infection vector relies on social engineering: fake professor‑like emails with a PDF textbook attachment that silently deploys the botnet malware when opened.
  • After distributing the malicious PDFs, the botnet begins mining, but its activity is eventually detected when a victim notices severe performance loss and runs antivirus software, which identifies and removes the known code.
  • The scenario illustrates how easily accessible malware resources and simple phishing tactics can enable crypto‑mining attacks, while also showing the importance of up‑to‑date security tools in detecting such threats.

Source: https://www.youtube.com/watch?v=mqzP7gJDM2s
Duration: 00:05:23

Sections

  • 00:00:00 (https://www.youtube.com/watch?v=mqzP7gJDM2s&t=0s) Malicious Botnet for Crypto Mining: A narrator role‑plays a cyber‑criminal outlining how they'd recruit gamers via email, deploy a botnet, and hijack their GPU resources to mine cryptocurrency.
  • 00:03:08 (https://www.youtube.com/watch?v=mqzP7gJDM2s&t=188s) Crypto Miner Discovered and Stopped: The speaker describes how their crypto‑mining malware was identified by users' protection software, leading to widespread removal and ultimately enabling a student to trace and expose the attacker.

Full Transcript
0:00 This video is a fun scenario, and it's to try and teach you something a little bit about malware.
0:05 And in this video, I'm a bad actor,
0:08 who has recently gotten into mining cryptocurrencies.
0:12 However, the system I have right now is not ideal for crypto mining.
0:18 However, I know if I had multiple systems working for me as a group,
0:24 then that would be way more efficient.
0:27 Unfortunately, I don't have the resources to buy all of those systems,
0:33 but why would I need to buy them if I could just use other people's systems?
0:38 And so what I'll do is I'll have a malware infect those systems
0:42 and have them all use resources for me
0:46 to mine cryptocurrencies.
0:48 Now, how do we go about that?
0:50 Well, one thing to consider is that we want systems with good GPUs.
0:56 And which kind of demographic has the best GPUs?
1:00 Gamers!
1:01 Luckily, I also just graduated from university
1:04 and I have all of my former engineering classmates' emails.
1:08 And I know that a vast majority of engineers are all gamers.
1:13 So, boom, I have my targets.
1:15 Now, what kind of malware would I use to do something like this?
1:19 I know there's everything out there from viruses to worms to trojans,
1:23 but what we actually described here is considered a botnet,
1:27 to where there's multiple infected systems working for me
1:31 under one controlled priority.
1:34 And this is not known to the owners of these systems.
1:38 So it's working in the background.
1:40 And after a quick Google search,
1:42 I found some botnet code on GitHub that was listed for "educational purposes"
1:48 and luckily it's perfect for what I'm trying to do.
1:53 So we have the malware.
1:55 How do we get it on to our victim's systems?
1:57 Now, this part is going to take a little bit of social engineering.
2:00 For this, we know that the victims are all engineering students.
2:06 And so what I'll do is I'll hide the malware in a PDF file
2:12 that seemingly contains pages to a textbook for one of the required classes.
2:18 And then I'll create various email accounts
2:21 with names similar to that of the professors for that class
2:25 and construct emails that sound friendly like,
2:29 "Hey, hope you're having a good summer!
2:31 Look forward to seeing you in the fall.
2:33 Here is the required textbook for this specific class.
2:38 I know that textbooks can get pricey, so here's the PDF."
2:42 And then if a student downloads the PDF and opens it,
2:45 then the botnet code will start to install itself
2:49 and start using the computer's resources in the background.
2:54 So if I repeat this process for all of the major classes,
2:57 then now I have thousands of potential victims.
3:00 So I send out the emails,
3:03 and sure enough I start getting bots to show up on my botnet.
3:09 The crypto mining operation has begun.
3:13 Soon, however, one of my victims realizes
3:16 that they cannot run their games without severe performance drops,
3:20 and so they get a malware protection service to scan their device.
3:25 And since I found my code online,
3:29 the protection software was easily able to recognize it and remove it from their device.
3:35 Then later, another student, who already had malware protection on their device,
3:40 had the service automatically scan the PDF before they downloaded it,
3:46 and sure enough it spotted the malware and notified them.
3:50 And then the student notified the school about it,
3:53 and sure enough, my mining operation began to deteriorate
3:58 as more and more students were removing it from their devices
4:02 and preventing other students from downloading it in the first place.
4:05 Then one smart student in particular began-- or knew about the malware,
4:11 found that it was on their device
4:13 and then tracked me down by analyzing the device
4:16 and the bot's connection to the botnet
4:19 and found me fairly easily through that.
4:22 Needless to say, it did not work out for me.
4:26 So, some general advice I'd give for everyone is, one: to keep your devices updated.
4:35 There's always known vulnerabilities coming out,
4:38 and so keeping your devices updated helps mitigate the risk
4:41 of people exploiting vulnerabilities that have just come out.
4:46 Next, use protection.
4:50 Use protection software.
4:53 Use malware protection software.
4:55 And last, don't be a bad guy.
5:00 Don't be a bad guy.
5:01 If you're going to be a bad actor, know what you're getting yourself into.
5:05 And so, if you're going to take away anything from this video,
5:07 know that malware is malicious software.
5:11 Two: follow the advice.
5:13 And three: don't go downloading files and executing them without knowing the source.
5:19 Thanks for watching.
5:20 If you enjoyed this content, be sure to like and subscribe.