Persistent EternalBlue-Powered Wannamine Cryptominer Still Alive

Security researcher Amit Serper of Cybereason reports that the Wannamine cryptominer malware, which uses the EternalBlue exploit from the NSA, is still making the rounds on the Internet and that a new outbreak is spreading.

Cryptominers are specially crafted malicious programs designed to run in the background on infected computers, mining a wide variety of crypto coins without the knowledge of the owners.

This new variant of the persistent Wannamine cryptominer still uses the well-known EternalBlue SMB exploit, leaked last year by the NSA, to penetrate a target computer. Once inside, it starts mining cryptocurrency as instructed by the threat actor who built it and spreads itself through the entire network using the same procedure.

Although the EternalBlue exploit was widely publicized by both security experts and the media.
