Join the BitcoinNews Telegram channel for daily updates >>LINK

Fight Fire with Fire: Botnet Seeks and Destroys Crypto Mining Malware

Fight Fire with Fire: Botnet Seeks and Destroys Crypto Mining Malware

Support free writers: > send a tip

written by

Security firm Netlab 360 has discovered a new botnet named Fbot in a strange case of fighting fire with fire. Fbot appears to be very different from almost any other botnet because it is seeking and destroying another botnet called ufo miner, known to install crypto mining malware on computers.

Fbot doesn’t appear to install any malware of its own, with a seemingly singular purpose of destroying a crypto mining malware botnet.

Botnets are an extremely common tool among hackers. Essentially, a hacker writes a program that installs itself on someone’s computer before propagating itself to more computers. The hacker uses the botnet to steal personal information, and in the case of crypto mining malware botnets, aggregate the weak processing power of thousands to millions of personal computers to mine significant amounts of crypto. Monero mining botnets are very common; one called Smominru infected 526,000 computers and mined millions of dollars of Monero.

In the case of Fbot, it finds the ufo miner software on an infected computer, rewrites itself in place of ufo miner, and then deletes itself. This leaves the computer uninfected, at least from either ufo miner or Fbot. This is probably the first recorded case of a botnet that deletes mining malware rather than installs.

Fbot will be difficult to stop because it uses the Emercoin decentralized domain name system (DNS), rather than the typical centralized DNS. It uses the same software to propagate that other mining malware botnets have been known to use, ADB.miner. Although the Fbot botnet may appear to be “good”, it is definitely installing itself without permission in a virus-esque fashion.

Some assumptions are that Fbot was created by someone trying to eliminate mining malware botnets but there is some evidence of more sinister motives. Netlab 360 found that Fbot has a strong connection to the Satori botnet; based on domain names that use the same registration email. Satori is a malicious botnet that has infected hundreds of thousands of computers.

If true, then Fbot might be produced by Satori to eliminate competition, since competing botnets on a single device results in less than optimal mining revenue.

Regardless of the intentions, the idea of a botnet destroying other botnets could be deployed by white hat hackers to finally curtail the growing crypto mining malware problem.


Follow on Twitter: @bitcoinnewscom

Telegram Alerts from

Want to advertise or get published on – View our Media Kit PDF here.

Image Courtesy: Pixabay

Help spread this article :) is NOT INVESTMENT ADVICE

Opinions expressed are entirely their own and do not necessarily reflect those of

For informational purposes only. Individuals and entities should not construe any information on this site as investment, financial, legal, tax, accounting or other advice. Information provided does not constitute a recommendation or endorsement by to buy or sell bitcoin, cryptocurrencies or other financial instruments. Forecasts are inherently limited and cannot be relied upon. Do your own research and consult a professional advisor. The opinion of authors do not reflect those of 


Read More Bitcoin News


The Tragedy of Fiat Money

Over the course of the last 18 years, the European Central Bank (ECB) printed new currency, multiplying money supply by more than 5 times, bringing it to 1308 billion. Here we discuss whether or not the central bank’s actions could be considered a robbery.

Read More »


Join our Newsletter

Video of the Week


Latest on Bitcoin News

Join our Newsletter