The Mirai botnet is considered to be one of the most successful botnets in the history of the Internet. Seeing the success of this infamous botnet, many cyber crooks have attempted to replicate it. Some of them borrow features from the notorious Mirai botnet and try to build their own network of hijacked systems. One of the most recent cases is the LiquorBot campaign. Malware researchers have followed the activity of the LiquorBot botnet closely, as this campaign seems very dynamic and rather efficient.
Injects Cryptocurrency Miners
The LiquorBot botnet’s goal is to inject cryptocurrency miners on the infected systems. This means that the LiquorBot botnet will harvest the computing power of compromised devices and mine cryptocurrencies while making sure to transfer all the generated coins to its operators’ wallets. This can result in reducing the lifespan of the infiltrated machines. The LiquorBot botnet has copied the design of the Mirai botnet’s C&C (Command & Control) server layout. However, a key difference between the modules of the LiquorBot botnet and the Mirai botnet is that the former is written in Google’s Go programming language.
Targets Routers Mainly
The payload affiliated with the LiquorBot botnet is compatible with x86, x64, MIPS, ARM64 and ARM CPU architectures. This means that the operators of the LiquorBot botnet are able to compromise a wide variety of devices. However, after studying the activity of the LiquorBot botnet, it would seem that the main targets of the attackers are routers. To compromise its targets, the LiquorBot threat uses twelve publicly known exploits for various router brands. Another infiltration method used by the LiquorBot botnet is exploiting weak Secure Shell (SSH) services.
Unlike most botnets, which tend to be used for launching DDoS (Distributed Denial-of-Service) attacks, the LiquorBot botnet appears to be used solely for mining cryptocurrencies. Authors of malware, like the operators of the LiquorBot botnet, tend to rely on known exploits and outdated software to infiltrate their targets. This is why experts advise users to make sure they keep all their software up to date, including the software on IoT (Internet-of-Things) devices such as routers, smart devices, etc.