Mirai, the infamous IoT botnet, now forces 'smart' appliances to mine Bitcoin

Earlier this year, I declared the Internet of Things had officially hit peak stupid, courtesy of a new smart toaster being shown at CES. I should have known better. What’s even more useless than a smart toaster? A smart toaster that’s been hacked to mine Bitcoin.

It’s a concept as incomprehensible as it is stupid. Seven years ago, mining Bitcoins on CPUs was Totally A Thing people did. Six years ago, GPUs like AMD’s HD 5000 series were tearing up the hash charts. Four to five years ago, you could still earn some money mining on GPUs, but the specter of custom-built ASICs was rising, and those offer performance benefits no GPU could compete with.


IBM’s X-Force picked up a surge in Mirai with Bitcoin mining baked in.

According to IBM’s X-Force initiative, there was a brief spike in a specific variant of Mirai that carries a cryptocurrency mining payload, possibly deployed as a proof-of-concept solution. Here’s how X-Force describes the Bitcoin-mining version:

What we found when we dissected the Mirai sample was pretty much the same Mirai functionality ported over from the Windows version with a focus on attacking Linux machines running BusyBox. This software provides several stripped-down Unix tools in a single executable file and digital video recording (DVR) servers. BusyBox utilizes Telnet, which is targeted with a dictionary attack brute-force tool contained in the Mirai malware. The DVR servers are targeted because many of them use default Telnet credentials.

The Telnet protocol is an attacker’s gateway to compromising IoT devices. Aside from DVRs, many embedded system applications in IoT devices, such as routers, VoIP phones, televisions, industrial control systems and others, leverage Telnet’s remote-access capabilities.

IBM’s X-Force theorizes that this new approach might have been an attempt to monetize Bitcoin mining by spreading the workload out to dozens, even thousands or tens of thousands of IoT products. In principle, yes, this could work. In practice… well. It probably wouldn’t.

What’s the hash rate on a microcontroller?

Over the last few years, people have made something of a game out of mining Bitcoins on unusual bits of hardware. We’ve seen Bitcoin mined via pen-and-paper, and on an ancient IBM 1401. But there’s something about trying to mine BTC on a toaster, wireless light bulb, dildo camera, baby monitor, wine bottle, and/or humidifier that’s particularly pathetic. For one thing, the CPU power packed into this equipment isn’t just “less” than you’d get off an Intel Core i7 or AMD Ryzen 5/7 — it’s dramatically less. A single-core Cortex-A8 running at 800MHz – 1GHz would be terrible compared with even a low-end CPU (the Bitcoin article on this topic suggests a hash rate of 0.12 – 0.2MHash/s for the Cortex-A8 and 0.57 for the Cortex-A9). Imagine trying this with a Cortex-M3 or M4-class processor, which offer significantly less performance than their Cortex-A counterparts.

Now, add the fact that a Cortex-A8 is still a high-end CPU by the standards of a lot of embedded products. You’re not going to get much call for an ARM-optimized Bitcoin client capable of toasting and hashing. Whatever bright bulb tried to create this solution will find himself painstakingly writing a lot of hand-tuned code to execute BTC operations “optimally” on ancient hardware.
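To put numbers on that argument, here is an added example (not from the original article or from X-Force) that scales the per-device hash rates quoted above across fleets of 50 to 10,000 devices. The network difficulty (about 5e11) and the 12.5 BTC block reward are assumptions, roughly the Bitcoin network in spring 2017, and the function names are illustrative.

```python
# Added example: expected Bitcoin yield for a fleet of embedded-class CPUs,
# using the per-device hash rates quoted in the article.
# ASSUMPTIONS (not from the article): difficulty ~5e11 and a 12.5 BTC block
# reward, roughly the Bitcoin network in spring 2017.

HASHES_PER_DIFFICULTY = 2 ** 32   # expected hashes per block at difficulty 1
SECONDS_PER_DAY = 86_400
ASSUMED_DIFFICULTY = 5.0e11       # assumption, see above
ASSUMED_REWARD_BTC = 12.5         # assumption, see above

# Hashes per second per device; the article's figures read as MHash/s.
DEVICE_HASH_RATES = {
    "Cortex-A8 (low)": 0.12e6,
    "Cortex-A8 (high)": 0.20e6,
    "Cortex-A9": 0.57e6,
}


def expected_btc_per_day(devices, rate_hs, difficulty=ASSUMED_DIFFICULTY,
                         reward=ASSUMED_REWARD_BTC):
    """Expected BTC per day for `devices` units each hashing at `rate_hs`."""
    if devices < 0 or rate_hs < 0 or difficulty <= 0:
        raise ValueError("devices and rate must be >= 0, difficulty > 0")
    hashes_per_day = devices * rate_hs * SECONDS_PER_DAY
    expected_blocks = hashes_per_day / (difficulty * HASHES_PER_DIFFICULTY)
    return expected_blocks * reward


def years_per_block(devices, rate_hs, difficulty=ASSUMED_DIFFICULTY):
    """Expected years for the whole fleet to find a single block."""
    fleet_rate = devices * rate_hs
    if fleet_rate == 0:
        return float("inf")       # a fleet that hashes nothing never finds one
    seconds = difficulty * HASHES_PER_DIFFICULTY / fleet_rate
    return seconds / SECONDS_PER_DAY / 365.25


def yield_table(fleet_sizes=(50, 1_000, 10_000)):
    """Rows of (device, fleet size, BTC/day, years per block)."""
    return [(name, n, expected_btc_per_day(n, rate), years_per_block(n, rate))
            for name, rate in DEVICE_HASH_RATES.items()
            for n in fleet_sizes]


if __name__ == "__main__":
    for name, n, btc, years in yield_table():
        print(f"{name:17} x {n:>6}: {btc:.3e} BTC/day, "
              f"~{years:,.0f} years per block")
```

Under these assumptions, even 10,000 devices at the Cortex-A8's upper figure earn on the order of a millionth of a Bitcoin per day.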

We suspect the reason IBM saw a steep drop-off in Mirai’s BTC client is because it’s just too damn hard to get Bitcoins out of your microwave. Best to let the Internet of Things focus on what it does best — destroying perfectly useful products, stuffing landfills with insane amounts of plastic garbage, and making no one’s life better, ever. Oh yeah — and that whole “crash the Internet at will with an army of bots” shtick. It does that pretty well, too.
