Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue
Briefly

Cybersecurity researchers from Akamai have introduced two techniques to disrupt cryptocurrency mining botnets. By exploiting mining topologies and the Stratum protocol, these methods can lead to the complete shutdown of illegal mining operations. The first technique entails submitting invalid mining results, or 'bad shares', which can get the mining proxy banned, drastically reducing CPU usage from 100% to 0%. The second method extends the disruption to scenarios where miners connect directly to public pools without proxies. These strategies could force attackers to abandon their operations because of the infrastructure challenges they pose.
By connecting to a malicious proxy as a miner, we can submit invalid mining job results - bad shares - that will bypass the proxy validation and will be submitted to the pool. Consecutive bad shares will eventually get the proxy banned, effectively halting mining operations for the entire cryptomining botnet.
We developed two techniques by leveraging the mining topologies and pool policies that enable us to reduce a cryptominer botnet's effectiveness to the point of completely shutting it down.
Read at The Hacker News