Monero Mining Malware Prevented WannaCry From Infecting Even More Computers

It is rather strange to think of cryptocurrency-mining malware as a potential ally in the ongoing fight against cryptocurrency ransomware. Interestingly enough, that is exactly what happened. A few weeks prior to the WannaCry attack, the Adylkuzz crypto-mining malware infected a lot of computers using the same exploit. This also prevented the WannaCry ransomware from infecting these same devices.

Monero Mining Malware To The Rescue

This entire story has proven to be quite intriguing, to say the least. Adylkuzz is a cryptocurrency-mining malware infecting hundreds of Windows computers around the world. To do so, it uses the same NSA exploits used by the recent WannaCry ransomware, which caused major havoc around the world. This goes to show criminals are well aware of these NSA exploits and will attempt to use them for their own benefit.

What makes Adylkuzz so interesting is how it infects computers in order to mine Monero. As most cryptocurrency users are well aware of, Monero is a popular cryptocurrency providing users with additional anonymity. Once a computer is infected with this mining malware, it can be quite difficult to uninstall it. However, the people who had not done so during the WannaCry ransomware attack unknowingly took the best course of action.

To be more specific, Adylkuzz closes down SMB ports once it infiltrates a computer. This is done to prevent other malware from infecting the same computer and stealing resources from the Monero mining malware. A clever trick by the developers, although they would have never expected to be the “hero” at the same time. Since these computers have their SMB ports blocked off, WannaCry could not infect these machines either.

Adylkuzz first started appearing on the scene about three weeks prior to the WannaCry ransomware attack. It is highly doubtful both types of malicious software are created by the same developers, though. It would not be in their best interest to let two creations compete for the exact same resources. A lot of computers who had their SMB port exposed to the internet were infected with Adylkuzz, and quite a few of those machines have not removed the Monero mining malware ever since.

In the end, the Adylkuzz Monero mining malware saved a lot of vulnerable machines from getting infected by WannaCry. That being said, the ransomware still infected over 220,000 machines around the world, which goes to show this scale of operation was much larger compared to Adylkuzz’s.  Additionally, it is possible some of the WannaCry attacks may have in fact been Adylkuzz infections, although that has not been officially confirmed.

There is one lesson to learn from this entire story, though. A lot of Windows machines leave their SMB port open to attack. That is a major security flaw users will need to address sooner rather than later. Some people may argue getting infected with Monero mining malware is the lesser of two evils, and they would be somewhat right. However, no one should suffer from either attack in the first place.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.