Darlloz variant infects Intel systems to mine Dogecoins, MinCoins

The worm installs coin mining software on infected computers running Intel x86 architectures.

Darlloz, a worm capable of targeting traditional computers and internet-enabled home devices running Linux, has been updated to mine cryptocurrencies.

On Wednesday, Kaoru Hayashi, a threat analyst at Symantec, revealed in a blog post that, as of last month, more than 31,000 devices were infected with Darlloz. The worm was discovered in November, when it was being leveraged to target only Intel x86 systems.

“Once a computer running Intel architecture is infected with the new variant, the worm installs cpuminer, an open source coin mining software,” Hayashi wrote.

Instead of targeting the more popular, and valuable, cryptocurrency Bitcoin, the latest Darlloz variant (found in mid-January) goes after MinCoins and Dogecoins, he said.

“The reason for this is MinCoin and Dogecoin use the scrypt algorithm, which can still mine successfully on home PCs, whereas Bitcoin requires custom ASIC [application-specific integrated circuit] chips to be profitable,” Hayashi explained.

He added that by the end of February Darlloz had mined nearly $200 worth of Dogecoins and MinCoins, a “relatively low [amount] for the average cyber crime activity,” but that theft would likely grow in scale as the malware evolves.

Last November, for instance, Symantec found that Darlloz was designed to target “internet of things” devices like home routers, set-top boxes and security cameras, though no attacks against those devices had yet been detected. Now, 38 percent of Darlloz infections have impacted a range of connected home devices, the firm found.

According to Symantec, 50 percent of all Darlloz infections have been concentrated in the U.S., China, South Korea, Taiwan and India.
