Hackers may be hijacking internet-connected fridges, toasters and light bulbs in order to use their computing power to mine bitcoins, researchers have revealed.IBM researchers discovered a bitcoin mining component in a new variant of Mirai—a form of malware that exploits security vulnerabilities to take control of devices connected to the so-called Internet of Things (IoT).Security firm McAfee recently estimated that more than 2.5 million IoT devices were infected by the Mirai botnet in 2016, though it is not clear how many compromised devices may have been used to mine the virtual currency.Tech & Science - Get the best of Newsweek delivered to your inbox“We do not have any insight into whether or not bitcoins were actually mined during these attacks,” Dave McMillen, a senior threat researcher at IBM, tells Newsweek.“It is also not known whether or not this is the actions of one group or many… This Mirai variant could be appealing to others in the future due to the potentially large volume of devices that could be involved.”Security experts have previously warned that hackers could target smart devices in order to mine bitcoin.

Mikko Hypponen, chief research officer at F-Secure prophesied in 2014 that cryptocurrencies offered a new method for criminals to profit from vulnerable devices.“Attacks don’t target the user but the computer itself,” Hypponen said.“Internet of Things devices can be hacked to mine cryptocurrencies and make money.”Mining bitcoin—the process of confirming bitcoin transactions and adding their record to bitcoin’s public ledger in order to generate new units of the currency—requires vast amounts of computing power.It would therefore require a huge network of IoT devices in order to have a successful mining operation.Details of the Mirai variant were published by the IBM researchers in an online blog, in which they speculated hackers would be incentivized to mine for bitcoin in order to facilitate cybercriminal activities.According to a 2016 study by the security firm BullGuard, up to 185 million devices may be at risk of being compromised by Mirai.Hackers used the network of compromised devices in a series of attacks that caused several major websites to go offline, including Netflix, Reddit and Twitter.Projections from technology research firm Gartner suggest the issue may escalate if security fixes are not implemented by device manufacturers.

According to Gartner, there will be more than 20 billion IoT devices by 2020, while estimates from ABI Research put the figure closer to 30 billion.Cybersecurity experts warn that too many manufacturers treat security as an afterthought when producing internet-enabled devices.Chris Boyd, an analyst at the security firm Malwarebytes, told Newsweek in an interview last year: “The problem here is that many IoT devices are horribly broken security-wise because it costs money to ensure a reasonable standard of protection on a product.”This lax approach will inevitably lead to much more devastating attacks, according to cybersecurity veteran John McAfee.“The attacks are slowly escalating, similar to the way America developed the atomic bomb,” McAfee, who created the eponymous antivirus computer software but is now longer connected to it, said in October.capital gains tax on bitcoin“Clearly there are weaknesses.bitcoin nfc

Anticipate that these will be exploited in a big way.”Thinking of using it to mine Bitcoin?Don't bother McAfee says crooks will be better off sticking to spam and DDoS Despite an increase in popularity over recent months amongst botnet operators, malware-powered Bitcoin mining brings little to no financial return, say experts.bitcoin etf optionsSecurity giant McAfee contends in its quarterly threat report (PDF) that commercial botnet controllers and malware packages have been adding cryptocurrency mining options to their list of services offered.bitcoin lamborghiniThe mining tools - offered alongside botnet task options such as spam runs or distributed denial of service (DDoS) attacks - put infected machines to use mining Bitcoin.bitcoin svenska kronor

Unfortunately for the cybercrooks, however, it seems that a botnet-turned-mining rig doesn't actually make much money in real life.McAfee found that the increasing difficulty of Bitcoin hashes, combined with the attrition rate from malware detections on infected machines, would make turning a profit from botnet mining nearly impossible.ethereum eth usd"We now see botnets with various levels of virtual currency–mining functionality," McAfee said in the report.camp x bitcoin"But even if we allow a zero cost for hardware and power (the costs of the bots and their power are borne by the victims), the difficulty level of common mining algorithms and the nonspecialized hardware that the malware infects make this a futile effort."ethereal portal wowAccording to researcher estimates, a botnet controller attempting to mine Bitcoin with a 10,000 system network would initially see a net loss in operations and with increasing difficulty cycles productivity would plateau off without turning much of a profit.litecoin ripple bitcoin

That rate becomes even lower when mobile devices are added to the equation.Researchers note that with less powerful processors and limited battery life, mobile devices are ill-equipped to function as dedicated cryptocurrency mining tools, especially when this is done via covert malware infections."In a hypothetical example of a 10,000-device botnet, profit without mining is $11,000.00 while profit with mining is $11,007.61—just a $7.61 gain," the company wrote."This assumes an unrealistic attrition rate of 0.25 per cent.A realistic attrition rate of 30 per cent would result in a loss of $3,265 in potential profit."Researchers conclude, therefore, that botnet kingpins are better off avoiding the Bitcoin mining game and sticking with other techniques.That would come as little relief, however, to owners of infected machines who will see their system performance and battery life take a hit whether or not the miner turns a profit.® Tips and correctionsRESEARCHERS HAVE DISCOVERED a new variant of the Mirai botnet, which was first discovered compromising Internet of Things (IoT) devices to carry out DDoS attacks, that can be used to mine bitcoins.

IBM X-Force said it had recently uncovered the new variant of the ELF Linux/Mirai malware, delivering a bitcoin-mining module to its infected hosts.According to IBM security threat researcher Dave McMillen, there is an incentive for criminals to have bitcoins in their pocket to facilitate their activities as it is the currency of choice for purchasing illegal commodities such as malware.He added that it was possible that the attackers were looking to find a way to make bitcoin mining via compromised IoT devices a lucrative venture.The new Mirai variant is similar to another recently-found version that leverages a Windows Trojan.Instead, it focuses on attacking Linux machines running BusyBox software.According to McMillen, the software provides several stripped-down Unix tools in a single executable file and digital video recording (DVR) servers.BusyBox uses a Telnet protocol, which is a 'gateway' into IoT devices for attackers.The add-on to this variant is dubbed a 'bitcoin miner slave'.

As many IoT devices are low-powered, McMillen and his team questioned the effectiveness of this add-on as it would lack the power to create many, if any, bitcoins."Mining bitcoins is a CPU-intensive activity.How many compromised devices would it take to make the mining of bitcoin a viable revenue source for attackers?Wouldn't attackers have better luck compromising a bitcoin exchange company, as has been the case numerous times in the past," he questioned.However, he suggested that Mirai's power to infect thousands of machines at a time could mean there was a possibility that the bitcoin miners could work together in tandem as one large miner consortium."We haven't yet determined that capability, but we found it to be an interesting yet concerning possibility.It's possible that while the Mirai bots are idle and awaiting further instructions, they could be leveraged to go into mining mode," he said.The Mirai botnet has been blamed for several high-profile cyber assaults, including a DDoS attack against internet infrastructure firm Dyn, which caused problems accessing sites including Amazon, Twitter and Netflix.