NSA’s DOUBLEPULSAR Exploit Aids in Distributing New Monero Mining Malware

It has been a while since cybercriminals leveraged one of the many NSA exploits in circulation. It now turns out a new type of malware is making the rounds. This particular tool infects Windows computers with a cryptocurrency mining Trojan. The distribution of the malware is made possible thanks to the DOUBLEPULSAR exploit, which targets unsecured SMB services. It is a very simple backdoor, yet one that could cause a lot of damage.

Leveraging Another NSA Exploit for Cryptocurrency Mining

Over the past few years, we have seen multiple cryptocurrency mining malware types. Most of these tools are distributed through email spam campaigns and infect a computer with a malicious tool which will hijack computing resources to mine Bitcoin or other cryptocurrencies. Even though regular computer hardware will not net a lot of earnings, it doesn’t matter much if you neither own the computer nor pay for the electricity being consumed.

The new cryptocurrency mining malware is called Trojan.BtcMine.1259. It has been in circulation for at least one full week, although this is merely an estimated period of time. As we would somewhat expect, this particular Trojan uses a well-known NSA exploit, which goes by the name of DOUBLEPULSAR. This particular exploit is one of the many backdoors used by the NSA in recent years. For now, it seems to mainly target Windows computers, even though the code can be modified to infect Linux servers as well.

It appears this new cryptocurrency mining trojan combines various existing malware libraries. It shows similarities to the Ghost RAT, among other things. Even though it has “Btc” in the name, this malware is not designed to mine Bitcoin whatsoever. Instead, it will try to mine Monero, a cryptocurrency which is quickly becoming popular among cybercriminals. This is mainly due to the anonymity and privacy traits Monero has to offer. Bitcoin lacks such features, to say the least.

Even though this is a rather troublesome type of malware, there is some good news as well. The number of Windows machines vulnerable to the DOUBLEPULSAR exploit is on the decline. There are still 16000 vulnerable Windows machines to be found around the world, but that number is a lot smaller than the number of victims claimed by the WannaCry ransomware. That particular attack leveraged the DOUBLEPULSAR exploit as well.

What is rather remarkable is how this Monero-mining malware performs a check to determine if the target computer has enough CPU resources. If this is not the case, the malware will go dormant again, and never resurface. If the computer is powerful enough to conduct mining operations, however, the cryptocurrency mining payload will be downloaded. One would expect criminals distributing cryptocurrency mining malware to just infect as many computers as possible. That does not appear to be the case where this particular Trojan is concerned.

It is evident cybercriminals are not done with cryptocurrency mining malware just yet. Using a well-known NSA exploit to distribute this Trojan is quite interesting, although it remains to be seen how successful this venture will be. A lot of computers do not have enough CPU resources to even mine Monero. Even if they do, the total earnings will be minimal, at best. It remains to be seen if we will see more advanced versions of cryptocurrency mining malware in the future.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
