Hackers use EternalBlue WannaCry exploit to mine cryptocurrency

It can target vulnerable computers without the owner having to click.

It is an alternative to Bitcoin and is being used for trading in drugs, stolen credit cards and counterfeit goods. "Initial statistics suggest this attack may be larger in scale than WannaCry, affecting hundreds of thousands of PCs and servers worldwide", the firm continued.

Both WannaCry and Adylkuzz take advantage of the most risky of the cyberhacking tools that were stolen from the U.S. National Security Agency, Proofpoint's senior vice president of cybersecurity strategy Ryan Kalember says. A group of hackers called the Shadow Brokers have been leaking NSA codes, tools and documents since last summer, the Hill reported.

That group has exposed many more of the NSA's secret intelligence tactics, but the computer back door and the Microsoft vulnerability exploited by these two recent malware attacks were "the pick of the litter", Kalember says.

And it's working. One expert says Adylkuzz would be earning its creators a five-figure sum every day, growing as the worm spreads. Proofpoint has spotted attacks as early as April 24, but because of Adylkuzz's stealthy nature, it was not as obvious until after WannaCry's devastating ransomware surfaced.

"Once infected through use of the EternalBlue exploit, the cryptocurrency miner Adylkuzz is installed and used to generate cybercash for the attackers", said Robert Holmes, vice president of products at Proofpoint.

This malware relies on virtual private servers scanning the Internet on TCP port 445 for distribution.

"Monero is really ugly stuff", Kalember said.

While the WannaCry ransomware hit the world in a frenzy, the next wave of hacks using the same tactics is much quieter.

To catch WannaCry and study it, Proofpoint then laid out bait on the open Web: a sacrificial virtual machine that lacked the Microsoft patch.

Barely a week after the WannaCry ransomware attack, the digital world shall witness a potentially larger attack.

In the end, the Adylkuzz Monero mining malware saved a lot of vulnerable machines from getting infected by WannaCry.

Adylkuzz is described as a piece of malware that infects computers through the same means as WannaCry but, instead of locking files on computers, hides in the background and digitally makes money.

"Even with Adylkuzz, the loss of a few thousand Moneros is nothing compared to the APT who plays the long game with DoublePulsar and EternalBlue and stealthily surveys and cherry picks all the health records, student records, intellectual property and incriminating emails they can get their hands on", he explained. No action by the victim is required.

The main objective of Adylkuzz is to mine Monero, a cryptocurrency similar to Bitcoin. Bitcoin ledgers are public.

According to Kaffeine, the three Monero wallets used to collect the proceeds for the malware's mining operations have netted the group at least $43,000, but the crooks have almost certainly earned much more.

According to Proofpoint, Adylkuzz attacks started before the WannaCry ransomware attack began on May 12, and some experts believe that several firms mistakenly believed that their systems were infected by WannaCry when it actually was Adylkuzz.
