Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

Could a perfectly innocent looking device like router, TV set-top box or security cameras can mine Bitcoins? YES! Hackers will not going to spare the Smart Internet-enabled devices.

A Linux worm named Linux.Darlloz, earlier used to target Internet of Things (IoT) devices, i.e. Home Routers, Set-top boxes, Security Cameras, printers and Industrial control systems; now have been upgraded to mine Crypto Currencies like Bitcoin.

Security Researcher at Antivirus firm Symantec spotted the Darlloz Linux worm back in November and they have spotted the latest variant of the worm in mid-January this year.

Linux.Darlloz worm exploits a PHP vulnerability (CVE-2012-1823) to propagate and is capable to infect devices those run Linux on Intel’s x86 chip architecture and other embedded device architectures such as PPC, MIPS and MIPSEL.

The latest variant of Linux.Darlloz equipped with an open source crypto currency mining tool called 'cpuminer', could be used to mine Mincoins, Dogecoins or Bitcoins.

Symantec Researchers scanned the entire address space of the Internet and found 31,716 devices infected with Darlloz. "By the end of February 2014, the attacker mined 42,438 Dogecoins (approximately US$46 at the time of writing) and 282 Mincoins (approximately US$150 at the time of writing). These amounts are relatively low for the average cybercrime activity so, we expect the attacker to continue to evolve their threat for increased monetization." Kaoru Hayashi, senior development manager and threat analyst with Symantec in Japan.

Major infected countries are China, the U.S., South Korea, Taiwan and India.

Crypto Currency typically requires more memory and a powerful CPUs, so the malware could be updated to target other IoT devices in the future, such as home automation devices and wearable technology.

A Few weeks back, Cisco has announced a global and industry-wide initiative to bring the Security community and Researchers together to contribute in securing the Internet of Things (IoT) and launched a contest called the "Internet of Things Grand Security Challenge", offering prizes of up to $300,000 for winners.

Users are advised to update firmware and apply security patches for all software installed on computers or Internet-enabled devices. Make sure, you are not using default username or password for all devices and block port 23 or 80 from outside if not required.