Why this Monero mining malware was a complete failure

The LiquorBot malware is capable of infecting millions of devices but all to generate a pathetic amount of cryptocurrency.

2 min read

When most people picture a cryptocurrency mining virus capable of infecting millions of Internet of Things (IoT) smart devices, they might envision that the group behind the operation must be filled with some seriously talented, albeit misguided individuals.

While that very may well be the case for most malware, one recent example, known as LiquorBot shows that sometimes more than just technological savvy is needed to craft a successful virus.

LiquorBot was first spotted in the wild by Romanian cybersecurity company BitDefender back in May 2019. Its researchers then began tracking the development of its code—including watching for feature updates and changes. The team found that the virus is a redeveloped version of a widespread earlier virus known as Mirai, but was instead written in a programming language called Golang.

Although the bot isn't particularly impressive in terms of technical capabilities, it does make use of a whole host of different exploits and was cross-compiled to work on multiple different CPU architectures including ARM, ARM64, x86, x64, MIPS—allowing it to target a huge range of routers and other smart devices. Likewise, the malware is unusual in the fact that it was active practically all last year, undergoing at least 13 updates since BitDefender began tracking its evolution last May.

Broken from the start

The Russian-designed virus was designed to covertly mine for cryptocurrency and target as many Internet of Things (IoT) smart devices as possible. However, what the developers apparently failed to realize is, the vast majority of IoT devices feature only minimal onboard processing power—making them practically useless for cryptocurrency mining.

The futility of using IoT-based processors for CPU mining has already been covered in-depth by Errata Security, which found that even if 2.5 million IoT devices were infected with a Mirai-like virus, the entire botnet would only generate $0.25 per day for its designers. Moreover, when adjusting this rate to today's values, 2.5 million IoT devices with the same computing power would generate just over $0.07 per day. Maybe it's more of a passion project.

Stay on top of crypto news, get daily updates in your inbox.