Reports have surfaced detailing a trojan that uses an NSA hacking tool to infect Windows computers with a cryptocurrency miner. The malware identifies available resources on a victim’s PC that can be used to mine XMR (Monero).
The Trojan Was First Reported by Russian Antivirus Dr.Web
Bleeping Computer has reported that malware authors are utilizing an NSA hacking exploit to infect Windows computers with a trojan that identifies available resources to divert toward mining Monero (XMR), a privacy-oriented alternative cryptocurrency.
The trojan was first reported by Russian antivirus Dr.Web, which identified the virus under the generic name Trojan.BtcMine.1259. The trojan has been identified as utilizing an NSA hacking tool named Doublepulsar, which is used to infect computers running insecure Server Message Block (SMB) services – a network protocol predominantly used for providing shared access to files, printers, and serial ports.
Once a machine is infected, the malware creates a simple backdoor that allows the hackers to execute code on it. The hackers then use the NSA’s Doublepulsar exploit to download a generic malware loader onto the infected machine. The virus then scans the computer to determine whether it has enough resources available to execute its payload. If those resources are available, the generic malware loader downloads a cryptocurrency miner, begins mining XMR, and diverts the XMR to the hacker’s wallet. Experts also note that the trojan is able to shut itself down when a PC owner launches the Task Manager utility, allowing the malware to remain undetected whilst in operation.
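The Task Manager evasion described above leaves a trace defenders can look for: the same executable exiting within seconds of Task Manager starting, on more than one occasion. The following is an added example, not code from Dr.Web or from the original article; the log format, file paths and thresholds are constructed assumptions standing in for real process start/exit telemetry.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from a real host): time, action, pid, image path.
SAMPLE_LOG = """\
2017-06-20T10:00:00 start 4100 C:\\Users\\a\\AppData\\Roaming\\svc\\upd.exe
2017-06-20T10:05:00 start 5200 C:\\Windows\\System32\\Taskmgr.exe
2017-06-20T10:05:02 exit 4100 C:\\Users\\a\\AppData\\Roaming\\svc\\upd.exe
2017-06-20T10:05:40 exit 5200 C:\\Windows\\System32\\Taskmgr.exe
2017-06-20T10:07:00 start 4388 C:\\Users\\a\\AppData\\Roaming\\svc\\upd.exe
2017-06-20T10:30:00 start 6012 C:\\Windows\\System32\\Taskmgr.exe
2017-06-20T10:30:01 exit 4388 C:\\Users\\a\\AppData\\Roaming\\svc\\upd.exe
2017-06-20T10:30:03 exit 7000 C:\\Program Files\\Editor\\editor.exe
2017-06-20T10:31:00 exit 6012 C:\\Windows\\System32\\Taskmgr.exe
"""

def is_taskmgr(image):
    return image.lower().endswith("\\taskmgr.exe")

def parse(log):
    """Yield (timestamp, action, pid, image) from the assumed log format."""
    for line in log.splitlines():
        if line.strip():
            ts, action, pid, image = line.split(" ", 3)  # image may contain spaces
            yield datetime.fromisoformat(ts), action, int(pid), image

def exits_after_taskmgr(log, window=timedelta(seconds=5), min_hits=2):
    """Return images that exited within `window` of at least `min_hits`
    distinct Task Manager launches. A single hit is usually coincidence;
    repeated hits match the self-termination behaviour described above."""
    events = sorted(parse(log), key=lambda e: e[0])
    launches = [ts for ts, action, _, image in events
                if action == "start" and is_taskmgr(image)]
    hits = defaultdict(set)  # image -> set of Task Manager launch times it reacted to
    for ts, action, _, image in events:
        if action != "exit" or is_taskmgr(image):
            continue
        for launch in launches:
            if launch <= ts <= launch + window:
                hits[image.lower()].add(launch)
    return sorted(img for img, seen in hits.items() if len(seen) >= min_hits)

if __name__ == "__main__":
    for image in exits_after_taskmgr(SAMPLE_LOG):
        print("exits whenever Task Manager starts:", image)
```

On a real host the same events could be taken from process creation and termination logging such as Sysmon event IDs 1 and 5.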
Recent Cryptocurrency-Oriented Viruses Have Adopted the NSA’s Doublepulsar Exploit
Trojan.BtcMine.1259 is not the first cryptocurrency-associated virus that has been built using the Doublepulsar exploit. A similar virus called Eternalminer, which targets Linux servers for XMR mining, was detected last week. Wannacry, the ransomware program that recently wreaked havoc on businesses and institutions across the globe, also incorporated Doublepulsar, using the exploit as the basis for the malware’s self-spreading SMB worm.
Doublepulsar was made available in April 2017 by Shadow Brokers, leading to reports that over 36,000 computers had been infected by various viruses utilizing the exploit on April 21st, with experts suggesting that the number of infected machines may have peaked at nearly 100,000 Windows machines by the end of April. The number of infected computers is estimated to now be closer to 16,000, owing to Windows system update MS17-010.
Do you think that cryptocurrency-oriented malware will become a dominant form of virus utilized by cybercriminals? Share your thoughts below!