Chinese Bitcoin Miners Infected by Ransomware as Bitmain’s Antminers Become Focal Point
Every industry has the same issues: the boom and bust cycles, the struggles during its early days and deplorable criminals looking to make a quick buck. The crypto industry is no different, with scams and viruses aplenty to fill up volumes. The latest story out of China is of a virus that has been stealthily targeting bitcoin miners.
According to local Chinese news sources, hAnt is the virus that has found its way to various mining machines. It looks to extort a ransom from the miners while also stealing the power of the machine. It has been spreading like wildfire, with thousands of dollars already lost.
What Is The Virus
hAnt has a fairly intriguing modus operandi. The source of the virus is a firmware upgrade. Most experts opine that the virus is attached to an overclocking feature in this firmware version.
When an unsuspecting miner downloads this, it accesses the system's sensitive access points but remains dormant for long periods. It is thought that the original spread happened all the way back in August. However, it was only earlier this month that the virus activated itself. On many interfaces of mining management software, a green screen with an ant appeared.
When the user clicks on the picture, they are greeted with a message in Chinese and English. This message, from the hacker, tells the miner that they have been hacked. It then gives them two options: either help propagate the “firmware patch” to 1,000 other machines or pay 10 bitcoin to the anonymous hacker. The message ends on an ominous note, stating that noncompliance will lead to overriding of the system fan and overheat protection, which might lead to “burning your mine or even the house.”
The infected machines are mostly Bitmain’s Antminers. According to the data collected, the S9, T9, and the Litecoin miner L3+ have some traces of infected records.
What Is Overclocking
Simply put, overclocking refers to “running a processor at a speed higher than that intended by the manufacturers.” As expected, this is not recommended by the manufacturers because, along with a boost in results, it also leads to side effects, usually overheating.
In relation to mining machines, overclocking has a direct monetary benefit. Overclocking may improve the computing power by nearly a third. Unsurprisingly this is a fairly common practice.
What some forget or ignore is that this greatly increases the consumption of power and places extra demands on the cooling system. Furthermore, it has a debilitating effect on the mining machine's chip.
Working Out The Solution
According to a miner, who remained anonymous, there are two prospective solutions to deal with this threat. “The first solution is the SD card of the brushing machine, i.e. the firmware.” This is a simple yet effective measure akin to reinstalling an operating system.
While this would indeed be the most direct and effective solution, it is hardly efficient. A full brushing (re-flashing the firmware) can take as much as four days to complete. So for nearly all of a working week, the machines would be idle, losing thousands for their owners. Another way suggested is to update the byte library of the mining machine, a process easier said than done.
Old Tricks New Hands
Spreading viruses in this industry is not a new phenomenon either. Back in 2013, some viruses were used to hijack computers and secretly mine on them. However, large-scale mining attacks have been a recent plague, with their effects felt from August 2018.
Experts are suggesting simple password protections to combat this latest effort, which is notoriously contagious; even a single infected machine will infect the entire mine in a matter of minutes. Simply ensuring that the factory default passwords for routers and mines are updated could prevent this virus' intrusions.
However, some experts, such as Feng Xiao, believe this is a more advanced threat, so a password update alone will not suffice.
“If mine owners don't kill the virus or re-brush, they will put the mine directly on the shelves, which may cause the mine virus to spread further”
While this latest attack will not break digital assets, it is certainly an unwelcome distraction. Some sources claim this could negatively affect the markets by as much as 3 percent. Undoubtedly, this storm shall pass over too; it is hoped that lessons will be learned and the same mistakes will be avoided, for the good of the whole crypto industry.