Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

Litecoin miner disguises itself as legitimate applications

January 13, 2014

Russian anti-virus company Doctor Web is informing users about the malignant program Trojan.BtcMine.221 which is designed to mine litecoins. The Trojan spreads in the guise of various applications and browser extensions—for example, one of them supposedly helps users find lower priced goods online.

This malware is distributed from several sites belonging to criminals. The program's developers claim that the extension, whose title is Shopping Suggestion, automatically acquires information about the goods users are viewing in their browsers and searches the Internet for the same goods at lower prices. Also, this Trojan is often disguised as other applications, such as the VLC-player or software for anonymous surfing on the Internet. It bears mentioning that the malware has been spreading over the Internet for at least a year. In fact Trojan.BtcMine.221 mines litecoins (an alternative to bitcoins), for which it utilizes hardware resources of the computer without the user's knowledge. It should be noted that the digital signatures were obtained by the developers for legitimate applications with similar names, but the signatures are utilised for the Trojan too.

screen

According to statistics compiled by Doctor Web's analysts, in December the botnet created using Trojan.BtcMine.221 included 311,477 bots. The largest number of hosts infected by Trojan.BtcMine.221 (56,576) are located in the United States. Brazil ranks second with 31,567 bots, and Turkey ranks third with 25,077 compromised machines. Russia, with 22,374 registered installations, is in fourth place. The distribution of infected computers by country is shown on the illustration below.

graph

An average of 203,406 bots go online every day. As many as 49,149 newly infected machines connected to the network in just three days in December 2013, while the number of Trojans removed during the same period reached only 6,028.

The Trojan.BtcMine.221 botnet consists of several subnets, which differ according to the Trojan miner version operating on the compromised computers. Some of them use CPU resources for mining, while others utilise GPUs. One of the subnets includes about 65,000 active bots. The average daily income for the criminals involved is 1,454.53 U.S. dollars. The Average processing power of that subnet (hash rate) is 167,647 KH/s; the daily fluctuations of this indicator can be traced on the graph presented below:

graph

If you suspect that such a Trojan has penetrated your system, it is recommended that you perform a full scan of your computer with Dr.Web scanner or the free curing utility Dr.Web CureIt!.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040