Top 3 Types of Bitcoin Mining Malware

Although mining Bitcoin with regular computer hardware is no longer profitable, that isn’t keeping criminals from giving it a try. Over the past few years, there have been several types of Bitcoin mining malware, infecting computers all over the world. Three different types stand out so far, although it is expected more strains of this malware will pop up in 2017 and beyond.

#3 The Otorun Worm

First discovered back in 2011, Otorun is a worm that aims to infect computers all over the world. The malware masked itself as a Windows font file and made use of the LNK vulnerability to infect a computer. One thing that made this malware stand out was how it replicated itself onto removable USB storage. Anyone plugging an infected USB drive into their computer would have to deal with this Bitcoin mining malware as well.

Once a computer is infected with Otorun, the worm exploits the LNK vulnerability to connect to the Deepbit Bitcoin mining pool. All of the available computer hardware – mostly the graphics card – is then taxed to mine Bitcoins. All earnings generated by this process are sent to the criminal’s Bitcoin wallet.  

#2 Kolab

Kolab is another worm that comes with a Bitcoin mining malware payload. This particular malware was distributed through social media, mainly targeted Twitter users in the process. Security researchers discovered Kolab briefly after Otorun, as it shared quite a few similarities.




Computers infected with the Kolab worm would see a new directory created, called HKTL_BITCOINMINE. A “grayware’ Bitcoin mining tool issued to generate Bitcoins for the criminals distributing the worm. It remains unclear how much money was made with this malware, but we do know it can still impact computers to this very date.

#1 BTMine

The BTMine vulnerability acts as a backdoor toolkit, which includes its very own Bitcoin mining malware. In most cases, BTMine would be used to execute DDoS attacks and steal Bitcoin wallets from infected computers. In a way, this was a smart dual-pronged approach, as the criminals would steal one’s Bitcoins and force their computer to mine additional funds.

To be more specific, BTMine uses three different types of Bitcoin mining software, depending on the infected system’s specifications. Those variations made BTMine one of the most powerful Bitcoin-related threats to computer users all over the world. Users who do not perform regular operating system updates remain vulnerable to this backdoor threat, even though several security patches have been issued in recent years.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.