
Cryptocurrency Mining Malware CoinMiner Spreads Using NSA Exploit

Mining cryptocurrency can be extremely profitable, especially if you use someone else’s computer to avoid paying for expensive hardware or electricity. According to Japanese security firm Trend Micro, hackers have created malware known as CoinMiner that uses an exploit developed by the NSA to use victims’ computers to mine cryptocurrencies.

Cryptocurrency Mining Malware

According to reports, CoinMiner exploits a component in PCs known as Windows Management Instrumentation (WMI) and infects computers using an NSA tool called EternalBlue. This is the same tool that WannaCry used to infect computers all over the world.

Microsoft fixed the EternalBlue exploit through a patch released back in March, but users have been slow to update. Once the malware accesses a machine, it runs a backdoor and installs several WMI scripts that connect to its server, gather instructions, and then download the miner. WMI is a core Windows component used for management tasks such as monitoring disk space, and it can be secured.

After infecting a computer, the fileless malware essentially enslaves it and uses its power to mine cryptocurrencies for the hackers. CoinMiner has mostly been observed in Asian countries, predominantly Japan and Indonesia.

In a blog post, Trend Micro researcher Buddy Tancio stated:

“The combination of fileless WMI scripts and EternalBlue makes this threat extremely stealthy and persistent. Fileless malware can be a difficult threat to analyse.”


Tancio added that fileless attacks are becoming more common, and that legitimate tools and services, such as WMI, are increasingly being used in attacks. Notably, WMI malware was used in the infamous Stuxnet malware that caused substantial damage to Iran’s nuclear program.

According to Trend Micro, the new mining operation includes a timer that triggers the malicious WMI script every three hours, presumably to guarantee that infected computers keep mining.

Cryptocurrency mining malware is not new. Back in May, the Merkle wrote about Monero mining malware “Adylkuzz” and how it had prevented the WannaCry ransomware campaign from spreading even further. It stopped WannaCry by closing down SMB ports after infiltrating a computer. Closing those ports can also help avoid CoinMiner infections.

EternalBlue, the NSA exploit used to infect computers and the driving force behind CoinMiner, was revealed by the Shadow Brokers, a hacker group that has released several leaks containing NSA hacking tools, some even including zero-day exploits.

What Can be Done

CoinMiner only infects Windows machines, and Trend Micro offers a few suggestions to help keep users safe. IT administrators should restrict and disable WMI as needed so that only select administrators can use it. In fact, some computers do not need the WMI service, and Microsoft itself has a guide on how to stop it.

Given that EternalBlue is CoinMiner’s entry point, users should update their operating system, as a patch was released back in March. To avoid exposure to other types of malware, one’s software and other applications should continually be updated.
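To check a host for the kind of WMI persistence described above (scripts installed in WMI and re-run on a timer), the following read-only PowerShell audit is an added example, not code from Trend Micro or the original article. It uses the standard WMI classes for permanent event subscriptions and interval timers; the function name `Get-WmiPersistence` and the list of namespaces searched are assumptions.

```powershell
# Added example: read-only audit of WMI permanent event subscriptions and timers.
# Run in an elevated PowerShell session on the host being checked.
function Get-WmiPersistence {
    param(
        # Assumption: namespaces commonly used for subscriptions; extend as needed.
        [string[]]$Namespace = @('root/subscription', 'root/default')
    )
    # Consumer classes that run script or commands, so each instance deserves review.
    $executing = 'ActiveScriptEventConsumer', 'CommandLineEventConsumer'
    foreach ($ns in $Namespace) {
        $q = @{ Namespace = $ns; ErrorAction = 'SilentlyContinue' }
        $filters   = @(Get-CimInstance @q -ClassName __EventFilter)
        $consumers = @(Get-CimInstance @q -ClassName __EventConsumer)  # includes subclasses

        # A binding ties one filter (the trigger) to one consumer (the action).
        foreach ($b in (Get-CimInstance @q -ClassName __FilterToConsumerBinding)) {
            $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }   | Select-Object -First 1
            $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name } | Select-Object -First 1
            $class = $c.CimClass.CimClassName
            # Only some of these properties exist per consumer class; the rest are $null.
            $action = @($c.ScriptText, $c.ScriptFileName, $c.CommandLineTemplate) | Where-Object { $_ }
            [pscustomobject]@{
                Kind      = 'Binding'
                Namespace = $ns
                Name      = $b.Consumer.Name
                Class     = $class
                Trigger   = $f.Query
                Action    = $action -join ' | '
                Review    = $class -in $executing
            }
        }
        # Interval timers fire repeatedly; IntervalBetweenEvents is in milliseconds.
        foreach ($t in (Get-CimInstance @q -ClassName __IntervalTimerInstruction)) {
            [pscustomobject]@{
                Kind      = 'Timer'
                Namespace = $ns
                Name      = $t.TimerId
                Class     = '__IntervalTimerInstruction'
                Trigger   = 'every {0:N2} h' -f ($t.IntervalBetweenEvents / 3600000)
                Action    = $null
                Review    = $true
            }
        }
    }
}

Get-WmiPersistence | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Rows with `Review` set to `True` are script or command-line consumers and recurring timers that an administrator should be able to account for. If the three-hour trigger is implemented as an interval timer, it would be listed with an interval of three hours.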

Francisco Memoria

Francisco is a cryptocurrency enthusiast who's lucky enough to be able to write about his passion.
