In its latest security report, McAfee Labs turned its attention to bitcoin mining malware. While botnets for bitcoin and various alt-coins is on the rise, McAfee’s analysis claimed that even highly powerful networks of zombie machines were ineffective at mining. Even allowing for zero cost for hardware and power, most cryptocurrency algorithms long ago passed the difficulty at which they could be effectively mined on non-specialized hardware. As a result, attempting to see profitable results from a botnet amounts to a “futile effort.”
In essence, botnet sellers are selling snake oil when they say that buyers can profitably mine virtual currencies. Further, botnet operators are risking exposure because bot hardware victims are more likely to detect the resource-consuming mining activity.”
The report claims that even in an ideal situation for a botnet user, mining offers the promise of a very low reward at a very high risk of loss. It proposes a hypothetical example of a 10,000-device botnet that can turn an $11,000 profit by doing relatively common malware things like steaming passwords and credit card numbers. That same network, which is completely unoptimized for bitcoin mining, might generate around 100 Megahashes per second, a fraction of the power of even entry-level mining hardware. At that rate, assuming the mining difficulty doesn’t change, McAfee claims that the additional profit might be around $7.61.
And that’s for an ideal situation with no botnet attrition. The report claims that in a real-world scenario, with an attrition rate of around 30%, using a botnet form mining would likely result in a loss of $3,265 in potential profits.
If it’s ineffective, why is botnet mining on the rise? Simple. The developers know that there is demand for cryptocurrency mining, and they’re more than willing to supply tools they know won’t work if it means more profit. “[The] nefarious malware sellers seem to have plenty of motivation to squeeze every possible ounce of profit out of their efforts.”
This demand has even resulted in the infection of machines with almost no ability to contribute to the hashing power of a botnet system, such as mobile devices. The report notes that recent Android system mining malware infections had “nonexistent” returns.