NSA Tools Used to Unleash Crypto Mining Malware by Hackers

NSA Tools Used to Unleash Crypto Mining Malware by Hackers

NSA Tools Used to Unleash Crypto Mining Malware by Hackers

 

Hackers are now using software developed by the US National Security Agency (NSA) to illicitly mine cryptocurrencies. According to a recent report released by the Cyber Threat Alliance (CTA), compiled by a collective of cyber-security experts from McAfee, Cisco Talos, NTT Security, Rapid7 and Sophos, among others, crypto mining malware detections have jumped to over 400 percent within the past one and a half years.

Malicious actors are hijacking computer processor resources via internet network infrastructure intrusions, and computer hacks, among other means. One of the more worrying trends is the use of an NSA exploit leaked early last year by Shadow Brokers dubbed EternalBlue.

Soon after the release of its source code, cybercriminals used the tool to launch a devastating ransomware attack dubbed WannaCry, which led to over 200,000 computers being infected in over 100 countries. The British National Health Service (NHS) was one of the institutions targeted by the attack and experienced a network shutdown as a result.

According to new reports, the same exploit is being used to harness crypto mining power using malware called WannaMine. Computers that have been infected can become slow or experience hardware overheating issues. However, some attacks are more sophisticated. They monitor mouse or CPU usage, and automatically pause operations when processing power goes beyond a certain threshold.

This feature makes them harder to detect, allowing them to persist and ultimately generate greater returns for cyber-criminals. Generally, EternalBlue malware infections are hard to detect because of their ability to work without downloading secondary application files.

The Wannacry Malware was based on the Eternalblue exploit.

The WannaCry malware led to over 200,000 computers being infected in over 100 countries. (Image Credit: Wikipedia).

How the WannaMine Crypto Mining Malware Works

WannaMine is the most notorious EternalBlue-based crypto mining malware. It has been found to spread through various means. One of those is by internet users downloading counterfeit software from unofficial sources, email attachments, and by offering misleading software update prompts.

It relies on Windows management tools for its operations and camouflages itself within legitimate processes. As such, it doesn’t work on Android or iOS devices. However, it allows a hacker to download and upload files to a computer, enumerate running processes, execute arbitrary commands, gather system-specific information such as IP addresses and the computer name, and allows the intruder to change some device settings.

Wannamine typically uses Mimikatz, a Windows hack tool used to ‘crack’ software, to gain more system control. Originally developed by Benjamin Delpy, Mimikatz can access a computer’s passwords via its memory and enslave it to a botnet. It also has the ability to export security certificates, override Microsoft AppLocker and processes related to Software Restriction Police, as well as modify privileges.

Cryptojacking Statistics

The cryptojacking practice is apparently rampant and last November, statistics released by AdGuard indicted that more than 33,000 websites with a total of over 1 billion monthly visitors had cryptojacking scripts. Most didn’t bother to warn users about this. Monero is said to be the preferred cryptocurrency for cryptojacking actors mainly because of its pseudonymization features and ability to be mined using medium to low-end computers.

In February, over 34,000 websites were found to be utilizing CoinHive’s JavaScript miner, which is also used to mine Monero. This was according to statistics derived from the PublicWWW search database, which can be used to reveal JavaScript snippets on websites.

The CoinHive miner is a largely legitimate way of undertaking in-browser mining. Currently, only about 19,000 web pages are listed as featuring the Coinhive code. The sharp drop in websites utilizing the miner is probably in correlation with declining mining profitability.

Away from Coinhive, the Smominru Monero miner has been found to be the most active in the wild, and is spread using the EternalBlue exploit. Its usage was first detected in May last year, and at the time, actors behind it were reportedly mining $8,500 worth of Monero in a week. Their botnet network consisted of over 526,000 infected nodes, which appeared to be servers located in Taiwan, Russia, and India.

Protection Against Crypto Mining Attacks

It is easy to protect a PC against EternalBlue-based mining malware attacks by regularly updating windows and carrying out a virus scan using Windows Defender Antivirus. PC users should also avoid using ‘cracked’ software because many create backdoor access for hackers.

 

Cryptocurrency Tool Kit for only $7

Source link

Facebook Commenti

Condividi articolo

Related Posts

IOTA viene aggiunto nella piattaforma di trading COBINHOOD con il simbolo MIOTA – Altcoin News

Commenti disabilitati su IOTA viene aggiunto nella piattaforma di trading COBINHOOD con il simbolo MIOTA – Altcoin News

Circle ha aggiunto la possibilità di investire in Zcash tramite il suo prodotto Circle Invest

Commenti disabilitati su Circle ha aggiunto la possibilità di investire in Zcash tramite il suo prodotto Circle Invest

Sberbank : Una delle più grandi banche della Russia gestirà il primo ICO ufficiale di tutto il paese

Commenti disabilitati su Sberbank : Una delle più grandi banche della Russia gestirà il primo ICO ufficiale di tutto il paese

La popolarità della blockchain continua a guidare l’interesse nei mercati della criptovaluta

Commenti disabilitati su La popolarità della blockchain continua a guidare l’interesse nei mercati della criptovaluta

This Week in Cryptocurrency: September 14, 2018

Commenti disabilitati su This Week in Cryptocurrency: September 14, 2018

Il volume di trading di bitcoin futures è quasi raddoppiato nel secondo trimestre del 2018

Commenti disabilitati su Il volume di trading di bitcoin futures è quasi raddoppiato nel secondo trimestre del 2018

Were Tesla’s Model 3 Reservations a Quasi-ICO?

Commenti disabilitati su Were Tesla’s Model 3 Reservations a Quasi-ICO?

Il primo cripto-analista: andate short sul Bitcoin

Commenti disabilitati su Il primo cripto-analista: andate short sul Bitcoin

Il rapporto del secondo trimestre indica che XRP è stato in linea con Bitcoin, invece ethereum e bitcoin cash hanno sovraperformato

Commenti disabilitati su Il rapporto del secondo trimestre indica che XRP è stato in linea con Bitcoin, invece ethereum e bitcoin cash hanno sovraperformato

Bitcoin potrebbe raggiungere 15.000 dollari entro fine luglio secondo John McAfee

Commenti disabilitati su Bitcoin potrebbe raggiungere 15.000 dollari entro fine luglio secondo John McAfee

IronChain lancia l’indice delle criptovalute Bitcoin, Ethereum, Ripple, EOS e le prime 10 crypto più capitalizzate

Commenti disabilitati su IronChain lancia l’indice delle criptovalute Bitcoin, Ethereum, Ripple, EOS e le prime 10 crypto più capitalizzate

Bitcoin secondo Forbes a 35 mila dollari entro fino anno

Commenti disabilitati su Bitcoin secondo Forbes a 35 mila dollari entro fino anno

Create Account



Log In Your Account