LNBot: A Covert Hybrid Botnet on Bitcoin Lightning Network
share
While various covert Botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slower communications among the botmaster and bots. In this paper, we propose LNBot, a new generation hybrid botnet that covertly communicates over Bitcoin Lightning Network (LN) which was recently introduced for faster Bitcoin transactions without writing on the blockchain. LNBot is a scalable two-layer botnet designed to completely anonymize the identity of the botmaster and its communication with multiple command and control (C C) servers which maintain their own mini botnets by exploiting the various anonymity features of LN. Specifically, LNBot allows any type of commands to be sent instantly by the botmaster to the C C servers which are ASCII or Huffman-encoded direct payments and forwarded via the LN payment infrastructure. These commands can then be further relayed to bots recruited by each C C server. We implemented a proof-of-concept on the actual Bitcoin network and analyzed the delay and cost performance of the proposed approaches.
READ FULL TEXT