# Crypto Mining Botnet via Phishing

**Source:** [https://www.youtube.com/watch?v=mqzP7gJDM2s](https://www.youtube.com/watch?v=mqzP7gJDM2s)
**Duration:** 00:05:23

## Key Points

- The speaker outlines a malicious plan to build a crypto‑mining botnet by infecting other people's computers, emphasizing that a network of compromised machines is far more efficient than a single system.
- He targets engineering students who are likely gamers with powerful GPUs, using publicly available botnet code from GitHub labeled "educational purposes."
- The infection vector relies on social engineering: fake professor‑like emails with a PDF textbook attachment that silently deploys the botnet malware when opened.
- After distributing the malicious PDFs, the botnet begins mining, but its activity is eventually detected when a victim notices severe performance loss and runs antivirus software, which identifies and removes the known code.
- The scenario illustrates how easily accessible malware resources and simple phishing tactics can enable crypto‑mining attacks, while also showing the importance of up‑to‑date security tools in detecting such threats.

## Sections

- [00:00:00](https://www.youtube.com/watch?v=mqzP7gJDM2s&t=0s) **Malicious Botnet for Crypto Mining** - A narrator role‑plays a cyber‑criminal outlining how they'd recruit gamers via email, deploy a botnet, and hijack their GPU resources to mine cryptocurrency.
- [00:03:08](https://www.youtube.com/watch?v=mqzP7gJDM2s&t=188s) **Crypto Miner Discovered and Stopped** - The speaker describes how their crypto‑mining malware was identified by users' protection software, leading to widespread removal and ultimately enabling a student to trace and expose the attacker.

## Full Transcript
This video is a fun scenario, and it's to try and teach you something a little bit about malware.
And in this video, I'm a bad actor,
who has recently gotten into mining cryptocurrencies.
However, the system I have right now is not ideal for crypto mining.
However, I know if I had multiple systems working for me as a group,
then that would be way more efficient.
Unfortunately, I don't have the resources to buy all of those systems,
but why would I need to buy them if I could just use other people's systems?
And so what I'll do is I'll have a malware infect those systems
and have them all use resources for me
to mine cryptocurrencies.
Now, how do we go about that?
Well, one thing to consider is that we want systems with good GPUs.
And which kind of demographic has the best GPUs?
Gamers!
Luckily, I also just graduated from university
and I have all of my former engineering classmates' emails.
And I know that a vast majority of engineers are all gamers.
So, boom, I have my targets.
Now, what kind of malware would I use to do something like this?
I know there's everything out there from viruses to worms to trojans,
but what we actually described here is considered a botnet,
to where there's multiple infected systems working for me
under one controlled priority.
And this is not known to the owners of these systems.
So it's working in the background.
And after a quick Google search,
I found some botnet code on GitHub that was listed for "educational purposes"
and luckily it's perfect for what I'm trying to do.
So we have the malware.
How do we get it on to our victim's systems?
Now, this part is going to take a little bit of social engineering.
For this, we know that the victims are all engineering students.
And so what I'll do is I'll hide the malware in a PDF file
that seemingly contains pages to a textbook for one of the required classes.
And then I'll create various email accounts
with names similar to that of the professors for that class
and construct emails that sound friendly like,
"Hey, hope you're having a good summer!
Look forward to seeing you in the fall.
Here is the required textbook for this specific class.
I know that textbooks can get pricey, so here's the PDF."
And then if a student downloads the PDF and opens it,
then the botnet code will start to install itself
and start using the computer's resources in the background.
So if I repeat this process for all of the major classes,
then now I have thousands of potential victims.
So I send out the emails,
and sure enough I start getting bots to show up on my botnet.
The crypto mining operation has begun.
Soon, however, one of my victims realizes
that they cannot run their games without severe performance drops,
and so they get a malware protection service to scan their device.
And since I found my code online,
the protection software was easily able to recognize it and remove it from their device.
Then later, another student, who already had malware protection on their device,
had the service automatically scan the PDF before they downloaded it,
and sure enough it spotted the malware and notified them.
And then the student notified the school about it,
and sure enough, my mining operation began to deteriorate
as more and more students were removing it from their devices
and preventing other students from downloading it in the first place.
Then one smart student in particular began-- or knew about the malware,
found that it was on their device
and then tracked me down by analyzing the device
and the bot's connection to the botnet
and found me fairly easily through that.
Needless to say, it did not work out for me.
So, some general advice I'd give for everyone is, one: to keep your devices updated.
There's always known vulnerabilities coming out,
and so keeping your devices updated helps mitigate the risk
of people exploiting vulnerabilities that have just come out.
Next, use protection.
Use protection software.
Use malware protection software.
And last, don't be a bad guy.
Don't be a bad guy.
If you're going to be a bad actor, know what you're getting yourself into.
And so, if you're going to take away anything from this video,
know that malware is malicious software.
Two: follow the advice.
And three: don't go downloading files and executing them without knowing the source.
Thanks for watching.
If you enjoyed this content, be sure to like and subscribe.