A Security Researcher Created a Tool to Test for NSA’s DoublePulsar Malware

Recently, the Shadow Brokers hacking group revealed a number of hacking tools that are believed to have been developed and used by the U.S. National Security Agency (NSA). Among these was the DoublePulsar ‘implant’, which is essentially a malware downloader that serves as an intermediary for potent malware to reach infected computers. A security researcher has now created a tool that will allow you to know if your computer is infected or not.

Thousands of infected devices discovered

Luke Jennings, a security researcher at Countercept, wrote a script in response to the high-profile cyberweapon leak. The script, which requires some programming knowledge to use, can be downloaded on GitHub. It allows users to know whether they are infected with DoublePulsar.

Several security researchers decided to use Jennings’ script to find computers that have been hit by the NSA’s malware downloader. Results varied widely, as some have shown roughly 10,000 infected machines, while others managed to get to as much as 100,000.

Numbers may vary widely because of DoublePulsar’s design. The malware is designed not to persist on a user’s device in order to avoid detection, making its lifespan relatively short. According to some, a simple reboot may be enough to get rid of DoublePulsar. However, it won’t help with the malware associated with it.

Microsoft, which has released patches that fix the flaws the NSA’s tool took advantage of, has called the script’s accuracy into question, issuing a statement to Ars Technica that read:

“We doubt the accuracy of the reports and are investigating”

Researchers are still working on DoublePulsar, as it will take time to determine how many machines are actually infected. Whether the script is accurate or not, users should still take preventive measures. Since DoublePulsar was leaked, security researchers are now worried that malicious hackers may start using the tool to download malware onto unsuspecting victims. According to PCWorld, machines running outdated versions of Windows are particularly vulnerable.

Infected computers throughout the world

According to tweets published by penetration test company Below0Day, the United States are the most affected country with 11,000 compromised computers. Other countries, including Germany and the United Kingdom, have over 1,500. It isn’t clear when the machines were infected.

Jennings has said that his script was created to help businesses identify DoublePulsar within their networks, not to scan the whole internet in search of infected machines. Dan Tentler, founder of security shop Phobos Group, has tested Jennings’ script by manually checking 50 flagged computers. All 50 were, indeed, infected.

As such, security researchers believe users should install all available patches as soon as possible in order to fix the problem. Older operating systems, such as Windows XP and Windows Server 2003 are at risk, as these are no longer being supported. Running antivirus might also help keep malware away.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.