Symantec Reports a Worm that Mines Cryptocurrencies


Even Your Security Camera Can Mine Cryptocurrencies – Globally famous American computer security, backup and availability solutions corporation Symantec has recently reported of a worm that attacks internet-enabled home appliances.

The company’s inspection body had found a worm last November that goes with the name Linux.Darlloz. As per a report published on Symantec’s official website, the Darlloz focuses on devices running the ARM, MIPS and PowerPC architectures. These architectures are normally found in internet-enabled home appliances, such as set-top boxes, router, TVs, amongst others.

What further sensationalizes the Symantec’s report is the worm’s ability to mine cryptocurrencies, the numbers of which count to be more than a hundred at present. Symantec has particularly highlighted the computers running Intel architecture to be much more vulnerable to the IoT worm.


Providing explanations of the worm’s interest in the IoT devices, the experts blame the interlinking of such devices in an unsecure manner. “Unlike regular computers,” the report mentions, “a lot of IoT devices ship with a default user name and password and many users may not have changed these. As a result, the use of default user names and passwords is one of the top attack vectors against IoT devices. Many of these devices also contain unpatched vulnerabilities users are unaware of.”

So there can be a chance that your security camera is mining cryptocurrencies for someone sitting oceans away.

But how?

Reportedly, internet-enabled devices are more vulnerable than your regular computer systems and mobile devices. Taking advantage of the users’ aforementioned ignorance, the bug attempts a remote “back door” attack on routers – the devices that are robotically connected to other home appliances using internet.

Upon infecting a device, Darlloz starts a HTTP Web server on port 58455 in order to spread. The server hosts worm files and lets anyone download files through this port by using a HTTP GET request, informs Symantec.

Linux.Darlloz Doesn’t Mine Bitcoin and Litecoin, at least for now

The report however limits the attempted hacks only the coins that use Scrypt algorithm. Currently, the worm has found its likening in Dogecoin and Mincoin, and has mined over $46 and $150 worth of them, respectively. Meanwhile, Litecoin, which also uses the same Scrypt algorithm, is reported to be unaffected by any such event.

To contact the reporter of the story: Yashu Gola at