{
	"id": "73c9b71b-3294-4698-a950-e551ed12f74b",
	"created_at": "2026-04-06T00:16:40.91129Z",
	"updated_at": "2026-04-10T13:12:14.455888Z",
	"deleted_at": null,
	"sha1_hash": "f88881d9b05c3c3860c8ba8ee70e623f58e56c0b",
	"title": "Naive IoT botnet wastes its time mining cryptocurrency",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 571779,
	"plain_text": "Naive IoT botnet wastes its time mining cryptocurrency\r\nBy Written by Catalin Cimpanu, ContributorContributor Jan. 8, 2020 at 2:42 a.m. PT\r\nArchived: 2026-04-05 18:28:45 UTC\r\nImage: Peter Kruse\r\nSee als\r\nSecurity researchers from Romanian antivirus vendor Bitdefender have discovered a botnet that infects home\r\nrouters and other Internet of Things (IoT) smart devices and then attempts to mine for cryptocurrency.\r\nThis marks the third such IoT botnet that wastes its time by attempting to mine cryptocurrency on devices that\r\nclearly don't support these types of operations.\r\nShort history of LiquorBot\r\nNamed LiquorBot, the botnet was first spotted in May 2019, according to a report Bitdefender published\r\nyesterday.\r\nThe botnet is nothing special in terms of technical capabilities. It works just like any other IoT botnet that's been\r\ndocumented over the past few years. Below is a short summary of LiquorBot's features:\r\nUses the following exploits to infect routers and smart devices (mostly routers): CVE-2015-2051, CVE-2016-1555, CVE-2016-6277, CVE-2018-17173, CVE-2017-6884, CVE-2018-10562, CVE-2017-6077,\r\nCVE-2017-6334, CVE-2016-5679, CVE-2018-9285, CVE-2013-3568, CVE-2019-12780\r\nUses a list of 82 username-password combinations to brute-force the SSH service of smart devices on\r\nwhich the default password has not been changed\r\nCan infect devices running on CPU architectures like ARM, ARM64, x86, x64, and MIPS\r\nhttps://www.zdnet.com/article/naive-iot-botnet-wastes-its-time-mining-cryptocurrency/\r\nPage 1 of 2\n\nIs controlled from a web-based command and control (C\u0026C) server\r\nAbout the only novel detail about LiquorBot is the fact that the malware is a version of the Mirai strain rewritten\r\nin the Go programming language -- but that's about it.\r\nWasting its time\r\nMost IoT botnets today usually appear and disappear within weeks or months. LiquorBot is a strange case because\r\nit remained active throughout all 2019.\r\nBitdefender says the malware often received updates, usually in the form of new exploits. The most interesting\r\nupdate was, however, recorded in October.\r\nThe company says the LiquorBot code was expanded with a module that attempted to mine the Monero (XMR)\r\ncryptocurrency on infected devices.\r\nThe module, in itself, is quite useless, seeing that the entire botnet is predicated on infected routers, above\r\nanything else.\r\nSOHO (Small Office Home Office) routers are cheap devices that lack the CPU and hardware capabilities to\r\nadequately mine cryptocurrency -- which is a very resource-heavy operation.\r\nIn the past, other IoT botnets have also wasted their time attempting to mine cryptocurrency on SOHO routers,\r\nwith little success, and with all dropping any attempts within weeks, primarily due to the low yield the hacked\r\ndevices were turning in.\r\nThe first IoT botnet to experiment with the feature was a Mirai-based botnet operated out of China, back in March\r\n2017. The botnet experiment with a Bitcoin-mining module for a week, before dropping the module altogether.\r\nThe second was an IoT malware strain named Linux.MulDrop.14, detected by Dr.Web in June 2017. This botnet\r\ntargeted Raspberry Pi devices, where it also attempted to mine Bitcoin. While Raspberry Pi devices have access to\r\nmore hardware resources than your casual SOHO router, this botnet didn't break the bank either, stopping its\r\nexperiments after a few weeks.\r\nThe discovery of these two botnets in 2017 encouraged researchers to look into the possibility of IoT botnets of\r\nbeing used as cryptocurrency mining farms. At the time, Errata Security estimated that if a Mirai botnet of 2.5\r\nmillion bots mined cryptocurrency it would earn only a meager $0.25 per day, effectively dispelling the notion\r\nthat IoT botnets could ever be used for cryptocurrency mining.\r\nApparently, the LiquorBot author didn't get the notice.\r\nSecurity\r\nSource: https://www.zdnet.com/article/naive-iot-botnet-wastes-its-time-mining-cryptocurrency/\r\nhttps://www.zdnet.com/article/naive-iot-botnet-wastes-its-time-mining-cryptocurrency/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.zdnet.com/article/naive-iot-botnet-wastes-its-time-mining-cryptocurrency/"
	],
	"report_names": [
		"naive-iot-botnet-wastes-its-time-mining-cryptocurrency"
	],
	"threat_actors": [],
	"ts_created_at": 1775434600,
	"ts_updated_at": 1775826734,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f88881d9b05c3c3860c8ba8ee70e623f58e56c0b.pdf",
		"text": "https://archive.orkl.eu/f88881d9b05c3c3860c8ba8ee70e623f58e56c0b.txt",
		"img": "https://archive.orkl.eu/f88881d9b05c3c3860c8ba8ee70e623f58e56c0b.jpg"
	}
}