Skip to main content

Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit


2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals.

Several cybersecurity firms are reporting of new cryptocurrency mining viruses that are being spread using EternalBlue—the same NSA exploit that was leaked by the hacking group Shadow Brokers and responsible for the devastating widespread ransomware threat WannaCry.

Researchers from Proofpoint discovered a massive global botnet dubbed "Smominru," a.k.a Ismo, that is using EternalBlue SMB exploit (CVE-2017-0144) to infect Windows computers to secretly mine Monero cryptocurrency, worth millions of dollars, for its master.

Active since at least May 2017, Smominru botnet has already infected more than 526,000 Windows computers, most of which are believed to be servers running unpatched versions of Windows, according to the researchers.
"Based on the hash power associated with the Monero payment address for this operation, it appeared that this botnet was likely twice the size of Adylkuzz," the researchers said.
The botnet operators have already mined approximately 8,900 Monero, valued at up to $3.6 million, at the rate of roughly 24 Monero per day ($8,500) by stealing computing resources of millions of systems.


The highest number of Smominru infection has been observed in Russia, India, and Taiwan, the researchers said.

The command and control infrastructure of Smominru botnet is hosted on DDoS protection service SharkTech, which was notified of the abuse but the firm reportedly ignored the abuse notifications.

According to the Proofpoint researchers, cybercriminals are using at least 25 machines to scan the internet to find vulnerable Windows computers and also using leaked NSA's RDP protocol exploit, EsteemAudit (CVE-2017-0176), for infection.
"As Bitcoin has become prohibitively resource-intensive to mine outside of dedicated mining farms, interest in Monero has increased dramatically. While Monero can no longer be mined effectively on desktop computers, a distributed botnet like that described here can prove quite lucrative for its operators," the researchers concluded. 
"The operators of this botnet are persistent, use all available exploits to expand their botnet, and have found multiple ways to recover after sinkhole operations. Given the significant profits available to the botnet operators and the resilience of the botnet and its infrastructure, we expect these activities to continue, along with their potential impacts on infected nodes."
Another security firm CrowdStrike recently published a blog post, reporting another widespread cryptocurrency fileless malware, dubbed WannaMine, using EternalBlue exploit to infect computers to mine Monero cryptocurrency.

Since it does not download any application to an infected computer, WannaMine infections are harder to detect by antivirus programs. CrowdStrike researchers observed the malware has rendered "some companies unable to operate for days and weeks at a time."

Besides infecting systems, cybercriminals are also widely adopting cryptojacking attacks, wherein browser-based JavaScript miners utilise website visitors' CPUs power to mine cryptocurrencies for monetisation.

Since recently observed cryptocurrency mining malware attacks have been found leveraging EternalBlue, which had already been patched by Microsoft last year, users are advised to keep their systems and software updated to avoid being a victim of such threats.

YOU MAY ALSO LIKE :-


Labels:
Location: United States

Comments

Post a Comment

Popular posts from this blog

[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running...
Post a Comment
Read more

Check your Gmail Account Email is Secured or Not After 50 Lacs Gmail account Hacking

World Biggest Hacking 50Lacs Gmail Account Hacked by Russian Hackers. Hack Gmail List Post in Bitsec security forum. This hacking is done in 10 September 2014. Anyone can download  5 Million hacking gmail  list . Your password is compromised publicaly.  So how do you know your account is hacked is or not. This is one of the biggest hack in Gmail account.  So hackers use your gmail account password in illegal purposes. So I recommend you to check your gmail account password. Here we provide a website to check your email in the hacking list. If your name in the hacking list ,so change your password of gmail. Check your name in Gmail Hacking list  Follow the given steps. 1 Go to this website  ISLEAKED.COM  or  haveibeenpwned.com/ 2. Type of email and click on check it. 3. Now you know your account is hacked or not. YOU MAY ALSO LIKE : Make Fake FB Account in 1 Min Without Mobile and email Facebook Moves To Decide What ...
Post a Comment
Read more

Unlocked phones vs. locked phones: Why you should care

Should you get an unlocked phone? The US wireless market is more competitive than ever, which is great news for consumers who have lots of choices when it comes choosing a service provider. But one barrier still exists when trying to switch carriers: the locked smartphone. The end of wireless contracts marked a watershed trend for consumers because it finally opened the door for them to more easily shop around for alternative wireless carriers. But the software locks that carriers put on phones restricting its use on other networks still prevent many consumers from having total freedom when it comes to choosing a provider. Now Verizon, the only wireless carrier that sold its phones unlocked out of the box, is reversing course. The company  said earlier this week  it would begin locking the phones it sells to consumers for an undetermined period of time, which will prevent them from using a SIM card from another carrier. But Verizon promised it would eventually ...
Post a Comment
Read more