NSA Tools Used to Unleash Crypto Mining Malware by Hackers

NSA Tools Used to Unleash Crypto Mining Malware by Hackers

NSA Tools Used to Unleash Crypto Mining Malware by Hackers

 

Hackers are now using software developed by the US National Security Agency (NSA) to illicitly mine cryptocurrencies. According to a recent report released by the Cyber Threat Alliance (CTA), compiled by a collective of cyber-security experts from McAfee, Cisco Talos, NTT Security, Rapid7 and Sophos, among others, crypto mining malware detections have jumped to over 400 percent within the past one and a half years.

Malicious actors are hijacking computer processor resources via internet network infrastructure intrusions, and computer hacks, among other means. One of the more worrying trends is the use of an NSA exploit leaked early last year by Shadow Brokers dubbed EternalBlue.

Soon after the release of its source code, cybercriminals used the tool to launch a devastating ransomware attack dubbed WannaCry, which led to over 200,000 computers being infected in over 100 countries. The British National Health Service (NHS) was one of the institutions targeted by the attack and experienced a network shutdown as a result.

According to new reports, the same exploit is being used to harness crypto mining power using malware called WannaMine. Computers that have been infected can become slow or experience hardware overheating issues. However, some attacks are more sophisticated. They monitor mouse or CPU usage, and automatically pause operations when processing power goes beyond a certain threshold.

This feature makes them harder to detect, allowing them to persist and ultimately generate greater returns for cyber-criminals. Generally, EternalBlue malware infections are hard to detect because of their ability to work without downloading secondary application files.

The Wannacry Malware was based on the Eternalblue exploit.

The WannaCry malware led to over 200,000 computers being infected in over 100 countries. (Image Credit: Wikipedia).

How the WannaMine Crypto Mining Malware Works

WannaMine is the most notorious EternalBlue-based crypto mining malware. It has been found to spread through various means. One of those is by internet users downloading counterfeit software from unofficial sources, email attachments, and by offering misleading software update prompts.

It relies on Windows management tools for its operations and camouflages itself within legitimate processes. As such, it doesn’t work on Android or iOS devices. However, it allows a hacker to download and upload files to a computer, enumerate running processes, execute arbitrary commands, gather system-specific information such as IP addresses and the computer name, and allows the intruder to change some device settings.

Wannamine typically uses Mimikatz, a Windows hack tool used to ‘crack’ software, to gain more system control. Originally developed by Benjamin Delpy, Mimikatz can access a computer’s passwords via its memory and enslave it to a botnet. It also has the ability to export security certificates, override Microsoft AppLocker and processes related to Software Restriction Police, as well as modify privileges.

Cryptojacking Statistics

The cryptojacking practice is apparently rampant and last November, statistics released by AdGuard indicted that more than 33,000 websites with a total of over 1 billion monthly visitors had cryptojacking scripts. Most didn’t bother to warn users about this. Monero is said to be the preferred cryptocurrency for cryptojacking actors mainly because of its pseudonymization features and ability to be mined using medium to low-end computers.

In February, over 34,000 websites were found to be utilizing CoinHive’s JavaScript miner, which is also used to mine Monero. This was according to statistics derived from the PublicWWW search database, which can be used to reveal JavaScript snippets on websites.

The CoinHive miner is a largely legitimate way of undertaking in-browser mining. Currently, only about 19,000 web pages are listed as featuring the Coinhive code. The sharp drop in websites utilizing the miner is probably in correlation with declining mining profitability.

Away from Coinhive, the Smominru Monero miner has been found to be the most active in the wild, and is spread using the EternalBlue exploit. Its usage was first detected in May last year, and at the time, actors behind it were reportedly mining $8,500 worth of Monero in a week. Their botnet network consisted of over 526,000 infected nodes, which appeared to be servers located in Taiwan, Russia, and India.

Protection Against Crypto Mining Attacks

It is easy to protect a PC against EternalBlue-based mining malware attacks by regularly updating windows and carrying out a virus scan using Windows Defender Antivirus. PC users should also avoid using ‘cracked’ software because many create backdoor access for hackers.

 

Cryptocurrency Tool Kit for only $7

Source link

Facebook Commenti

Condividi articolo

Related Posts

L’Indonesia autorizzerà il commercio di futures bitcoin e criptovalute

Commenti disabilitati su L’Indonesia autorizzerà il commercio di futures bitcoin e criptovalute

Il momento d’oro delle criptovalute. Investitori a caccia di affari

Commenti disabilitati su Il momento d’oro delle criptovalute. Investitori a caccia di affari

Huobi Pro aggiunge la criptovaluta Monero con possibilità di scambiarla con Bitcoin e Ethereum

Commenti disabilitati su Huobi Pro aggiunge la criptovaluta Monero con possibilità di scambiarla con Bitcoin e Ethereum

Hackers Are Spreading Crypto Mining Malware via Routers

Commenti disabilitati su Hackers Are Spreading Crypto Mining Malware via Routers

Ripple XRP viene aggiunta nel più importante exchange in Australia

Commenti disabilitati su Ripple XRP viene aggiunta nel più importante exchange in Australia

eToro porta Bitcoin nel mondo del calcio, avviate partnership con sette club della Premier League

Commenti disabilitati su eToro porta Bitcoin nel mondo del calcio, avviate partnership con sette club della Premier League

Il prezzo di bitcoin aumenterà di nuovo quest’anno secondo CoinShares

Commenti disabilitati su Il prezzo di bitcoin aumenterà di nuovo quest’anno secondo CoinShares

Il prezzo di Bitcoin riprende a salire verso 10.000 e porta positività sui mercati delle criptovalute – Altcoin News

Commenti disabilitati su Il prezzo di Bitcoin riprende a salire verso 10.000 e porta positività sui mercati delle criptovalute – Altcoin News

Litecoin Mining vs. Bitcoin Mining

Commenti disabilitati su Litecoin Mining vs. Bitcoin Mining

How Cryptocurrency Can Help Underdeveloped Countries

Commenti disabilitati su How Cryptocurrency Can Help Underdeveloped Countries

Htmlcoin eppur si muove ma il prezzo invece fatica a salire

Commenti disabilitati su Htmlcoin eppur si muove ma il prezzo invece fatica a salire

Circle ha aggiunto la possibilità di investire in Zcash tramite il suo prodotto Circle Invest

Commenti disabilitati su Circle ha aggiunto la possibilità di investire in Zcash tramite il suo prodotto Circle Invest

Create Account



Log In Your Account