H-Ant virus is attacking mining pools


It’s the old cat-and-mouse game between burglar and locksmith. The locksmith develops the most sophisticated lock, and a few weeks later the burglar has cracked that one too. In the age of the Internet and computer technology, software companies are the locksmiths and hackers are the burglars.

The ingenuity of modern burglars is amazing. The victims of their tricks have mostly been end users of wallets like Electrum or of apps like “CoinTicker”, which initially only opened a backdoor on Apple devices. Another wave came under the name of cryptojacking: the unnoticed installation of mining software on computers. The attacker then uses the processing power of the victim's device to mine crypto-coins. Again, end users of PCs and laptops were the victims.

Now Bitmain is affected too

According to the Chinese news agency Yibenchain, Bitmain's Antminers are now affected. These are the models S9, T9 and probably also L3. Bitmain, a Chinese company, is not only the leading manufacturer of mining hardware, especially the Antminer ASIC miners, but also operates one of the largest mining pools, Antpool. In addition, Yibenchain reports indications that Bitmain's competitor Canaan Creative and its Avalon miners are affected. The fact that the problem has been known since August 2018 did not prevent the virus, called H-Ant, from spreading further.

The Trojan horse

If you open the fault diagnosis of an affected device, a screen appears with rather unpleasant lines in English and Chinese:

    “I am H-Ant. I will not let go of your Antminer unless you spread the virus until I see 10 new infected IP addresses and there are a total of 1,000 affected devices. I am able to turn off both fan and overheat protection of your Antminer. As a result, either your device or, worse, your whole house would burn down.”

The victim is then faced with a choice:

    “Click on the Download Firmware Patch button to download our client with your IP address and update your Antminer software. Then your miner will be infected. You can move the infected device to another mining room to complete the infection, or get others on your network to install the patch. Alternatively, you can pay 10 BTC and the attack is over.”

Not as bad as it sounds

Chinese news site 8btc interviewed Jiang Zhuo’er, founder of the mining pool btc.top, about H-Ant. He explained that the H-Ant virus ends up on devices via overclocking software. Such software is common in most mining pools, although manufacturers advise against it. It lets operators push a device beyond its nominal maximum performance. So far, only Chinese miners are affected. Jiang Zhuo’er believes that the malicious software has been distributed via Baidu, the Chinese counterpart to Google.

For the network as a whole, however, he sees no great danger. The hash power of the Bitcoin network is highly decentralized, and it is very difficult to figure out where the miners are actually located. Solutions for infected devices are also circulating on the net. Reflashing the miner’s SD card and then reinstalling the clean software will remove the virus. A reflash is a slightly more complicated formatting process. The locksmiths have already hit back.
