
Darlloz variant infects Intel systems to mine Dogecoins, MinCoins

Darlloz, a worm capable of targeting traditional computers and internet-enabled home devices running Linux, has been updated to mine cryptocurrencies.

On Wednesday, Kaoru Hayashi, a threat analyst at Symantec, revealed in a blog post that, as of last month, more than 31,000 devices were infected with Darlloz. The worm was discovered in November, when it was being leveraged to target only Intel x86 systems.

“Once a computer running Intel architecture is infected with the new variant, the worm installs cpuminer, an open source coin mining software,” Hayashi wrote.

Instead of targeting the more popular, and valuable, cryptocurrency Bitcoin, the latest Darlloz variant (found in mid-January) goes after MinCoins and Dogecoins, he said.

“The reason for this is MinCoin and Dogecoin use the scrypt algorithm, which can still mine successfully on home PCs, whereas Bitcoin requires custom ASIC [application-specific integrated circuit] chips to be profitable,” Hayashi explained.

He added that by the end of February Darlloz had mined nearly $200 worth of Dogecoins and MinCoins, a “relatively low [amount] for the average cyber crime activity,” but that theft would likely grow in scale as the malware evolves.

Last November, for instance, Symantec found that Darlloz was designed to target “internet of things” devices like home routers, set-top boxes and security cameras, though no attacks against those devices had yet been detected. Now, 38 percent of Darlloz infections have impacted a range of connected home devices, the firm found.

According to Symantec, 50 percent of all Darlloz infections have been concentrated in the U.S., China, South Korea, Taiwan and India.
