Researchers Found A Mysterious Botnet That Destroys Cryptojacking Malware

"Botnet" and "malware" usually spell a nightmare. Pair them with cryptocurrency and it gets even worse.

Cryptocurrency malware is created to illicitly steal other people's computing resources to mine digital coins. As a result, affected computers become slower and, in some cases, their components are damaged by the extra heat they generate.

As crypto-jacking campaigns become more common on the web, cryptocurrency malware is becoming a serious problem.

But apparently not all botnets are harmful: one called 'Fbot' appears to be hunting down cryptocurrency malware and erasing it from the devices where it is hosted.

Fbot is a variant of a botnet called Satori, which is in turn based on Mirai, malware usually used for DDoS attacks.

Interestingly, Fbot has that DDoS feature deactivated and instead targets only crypto-jacking malware, the report says.

Here is how it works: the botnet distributes itself by scanning for devices with a specific open port. According to the researchers at Qihoo 360Netlab who discovered the botnet, Fbot is programmed to look for a specific piece of cryptocurrency mining malware called com.ufo.miner, a variant of the Android-based Monero miner ADB.Miner.

When it finds one, it installs itself over the malware and ultimately self-destructs.

[Image: one of Fbot's scripts that hijacks malware miners]

What also makes Fbot interesting is that its code refers to a domain name that is not resolvable through the standard Domain Name System (DNS). Instead, Fbot uses a decentralized, blockchain-based alternative called EmerDNS, which makes its addresses harder to trace and to shut down.

The researchers said:

"The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researchers to find and track the botnet (security systems will fail if they only look for traditional DNS names)."

It isn't clear who created Fbot or who started distributing it. Fbot may come from people with good intentions, or from rival crypto-jackers seeking to remove their competition.

Either way, Fbot is unique in that it kills malware. This particular botnet could be a helping hand to the initiatives of web browser makers and tech companies that try to block crypto-mining malware scripts from running.

Published: 03/10/2018