A mining malware called “hAnt” is on the loose in China and it is reportedly targeting Bitmain Bitcoin mining equipment. hAnt infects an antminer and then demands 10 Bitcoins as ransom. If the demand is not met, the hacker threatens to spread the virus across other machines in the mine, according to a media outlet’s report on January 21.
hAnt Becomes the Latest Threat in Bitcoin Mining Farms
Per the report, hAnt is the latest threat across Bitcoin mining farms in China and it began since August 2018. At the moment, assumptions have been made that the virus is unintentionally downloaded by miners who are looking for an overclocking firmware to increase the computing power of the machine. As a result, hAnt infects the machine’s firmware, hijacks the machine, and displays a message.
The message in question which is written both English and Chinese says 10 Bitcoins must be forwarded to the attacker’s address or else at least 10 miners in the farm will be infected. The consequence is, the machine’s fan will be turned off, leading to an overheat that may cause these machines to break down.
Yu Yang, a miner in the region said:
As long as one belt The virus mining machine entered the mine, and the machines in the entire mine will be infected within a few minutes.
Virus Attack Steals Miner’s Bitcoins
While the ransom may seem like the major target of the actor behind the crime, reports reveal that this is not their main aim. It has been said that a virus attack can switch the miner’s address and as such, the mined Bitcoin will be sent to the attacker’s address. Based on reports, a mine which falls a victim can lose about $8,000 (57,600 yuan) in a single day.
A possible solution to this problem has been named and according to the miners, this virus infection can be handled by brushing the SD card. They also revealed that this is comparable to replacing the operating system on a computer. However, the processes involved are more cumbersome and could take as long as four days to clean an SD card.
Virus Evolves to Pose More Attacks
Further reports state that hAnt has evolved to improve its mode of operation. Here, the virus monitors when a miner is changing their password and records the new password. As a consequence, if the SD card is not fully brushed in order to combat the attack, hAnt can still carry out its threat on the machine.
BTCNN on January 15 also reported of a virus that pretends to be a movie file, but when downloaded, steals cryptocurrencies from websites. The effect of the virus places a donation button of Wikipedia and ads on the Google search engine.