Up to 60 Pizza Hut stores across Australia are reported to have been used as part of a bitcoin mining and click fraud botnet during most of 2013. The incident led to numerous stores halting trade and in some cases resulted in store computers and PoS devices remaining offline all day while the machines were reimaged.
The malware, a variant of ZeroAccess, spreads in one of three ways:
- Users are socially engineered to run malicious code contained in downloaded files.
- The malware masquerades as an advert via advertising networks in order to entice clicks.
- Affiliates promote the software to users through what are known as pay-per-install schemes.
In December of 2013, Microsoft and Symantec put a major dent in the botnet, although they did not manage to shut it down completely.
It's not known how many bitcoins Pizza Hut managed to mine for the botnet or if financial information was leaked during the hijacking of the machines.