Bitcoin mining AMD GPU
Hackers may have started employing a clever tactic in an effort to enlist powerful PCs into cryptocurrency mining botnets.
According to GameCrastinate, a game torrent is installing bitcoin mining malware on the computers of thousands of unsuspecting users. The torrent in question is Watch Dogs, an upcoming AAA title from Ubisoft, which is scheduled to officially launch tomorrow, 27th May.
However, the reports have been questioned by some gamers who claim that they downloaded the same torrent – with no bitcoin mining malware in tow. Of course, this does not mean that the torrent is safe, as some users may have evaded infection through other means.
If it is true, the new approach is a clever one, as it makes life easier for botnet operators on more than one level.
Quality vs quantity
Botnets are supposed to be big, the bigger the better. However, this rule does not always apply to mining botnets.
Infecting an ancient PC with integrated graphics is pointless and to some extent counterproductive. However, gaming PCs powered by high-end graphics cards make a lot more sense – AMD Radeons based on Tahiti and Hawaii GPUs, such as the Radeon R9 290, R9 280 and HD 7900 series, remain a popular choice for many altcoin miners out there.
Nobody would try to download, install and run a demanding game like Watch Dogs on sub-par hardware. In theory, then, this approach would give the attacker access to only a limited pool of PCs, but practically every one of them would have a powerful GPU.
Furthermore, a smaller botnet is harder to detect, and just a few dozen gaming rigs can mine more altcoins than hundreds of antiquated office boxes.
AMD’s market share in the discrete graphics market hovers around 33%, with Nvidia accounting for the rest. In other words, one in three gaming PCs is equipped with a relatively powerful Radeon card, making these a viable mining platform for altcoins based on the scrypt algorithm, such as litecoin and dogecoin.
Pitfalls to the scheme
Using torrented games to spread mining malware makes sense, as it allows the attacker to specifically target PCs capable of delivering a lot of parallel computing performance. Using an unreleased title is a clever choice too, as torrents of unreleased builds tend to be unstable and exhibit performance issues, so the added load of GPU mining could be hidden to some extent.