Botnet Mining

What Is Botnet Mining?

Botnet mining is the use of malignant software to hijack a device's central processing unit to mine cryptocurrency. Hackers deploy a malware program that carries out the cryptocurrency mining work and sends it to the bot-herder, who is the remote attacker.

The word "botnet" is a portmanteau of the words "robot" and "network." Botnets that target cryptocurrencies are called botnet miners. These systems allow their creators to mine cryptocurrency at the expense of unsuspecting device owners who have no idea their machines are being used.

Key Takeways

  • A botnet is a piece of malware that infects computers to carry out commands under the remote control of the attacker, known as the bot-herder.
  • Cryptocurrency botnets make money for their creators by discreetly infecting various devices worldwide and forcing them to mine cryptocurrencies.
  • Cryptocurrency botnets use multiple wallets linked to many mining pools to store illegally earned cryptocurrencies.
  • Crypto-mining bots can generate millions of dollars per year.

Understanding Botnet Mining

A botnet system is similar to standard computer malware. Computer malware is like any other computer program, but it is designed to use computers for nefarious activities—such as corrupting systems, destroying or stealing data, or using them for illegal activities. These illicit pursuits, of course, can have a detrimental effect on the device, data, network, and users.

Botnets are automated programs developed as lines of code by their creators and made to sneak onto a user’s device. Botnets use the machine’s processing power, electricity, and internet bandwidth to perform specific functions. Common botnet actions include:

Botnet mining is used to steal cryptocurrencies. This type of botnet is usually released on a private network of interconnected computers. It then uses the cumulative power of the devices, resulting in more computational power. This can boost mining output and the corresponding rewards for the botnet creators.

Unless caught by anti-virus or anti-malware programs installed on the device, the malware runs without the owner’s knowledge. It is generally capable of replicating itself to other connected devices on the network.

Known botnet attacks

In January 2018, Alphabet Inc’s Google (GOOGL) DoubleClick ad services were used to distribute cryptocurrency mining malware to many users in Europe and Asia. The following month, more than half a million computing devices were hijacked by a botnet called Smominru. The botnet forced the machines to mine millions of dollars worth of cryptocurrency.

Another crypto-jacking botnet named Sysrv-hello began making its rounds in December 2020. Sysrv-hello targeted enterprise web applications and deployed on both Windows and Linux systems. Like other botnets, it continuously evolved to stay ahead of security researchers and law enforcement. Extremely aggressive, Sysrv contained a component that hunted for and shut down other crypto-mining botnets.

Some botnets have been hidden in DRM bypassed—also called "cracked"—versions of video games and other software, so it's essential to ensure you use non-pirated, unaltered, purchased, or open-source software and games.

Botnets Are Getting Stronger

The more attractive cryptocurrencies for botnet creators are the ones with the most value, like Bitcoin (BTC) and Ethereum (ETH). Monero (XMR) is also preferred by these crypto-jackers.

Cryptocurrency mining is becoming more complicated and resource-intensive because the computational difficulty increases over time. Cyber security experts are also developing ways to combat these programs.

Botnet developers are working to ensure that their programs can overcome these obstacles, so their creations are becoming stronger. Given the significant profits that can be gained by using botnets, their use is expected to grow and become more difficult to detect and remove.

Because the cryptocurrency infrastructure is still evolving, threats like this loom large over the networks, their users, and unsuspecting device owners. While it is difficult to contain the menace at the individual user level, you can reduce the chances that your device is hijacked by using up-to-date anti-virus and malware programs and monitoring your system's active processes.

What Is a Botnet?

A botnet (derived from "robot network") is a large group of internet-connected devices that are infected with malware and controlled by a single operator. Criminals use botnets to launch large-scale attacks to disrupt services, steal login credentials, and gain unauthorized access to systems.

What Is Botnet Mining?

Botnet mining is when a botnet is used to mine cryptocurrencies. The botnets hijack CPUs on infected machines to mine the coins, which can be worth tens of thousands of dollars each. Botnet miner creators make money at the expense of unsuspecting device owners who have no idea their machines are being used to mine cryptocoins.

How Can I Tell If I Have a Botnet?

Botnets target cryptocurrency users and miners. Your internet connection could slow down, your computer or server may slow down, or you might experience high CPU or GPU usage when your equipment is idle. You also may not be able to close or remove specific programs or update your operating system. Antivirus and malware software with up-to-date definitions can help you detect it.

Investing in cryptocurrencies and other Initial Coin Offerings (“ICOs”) is highly risky and speculative, and this article is not a recommendation by Investopedia or the writer to invest in cryptocurrencies or other ICOs. Since each individual's situation is unique, a qualified professional should always be consulted before making any financial decisions. Investopedia makes no representations or warranties as to the accuracy or timeliness of the information contained herein.

Take the Next Step to Invest
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.