Categories: NewsSecurity

NSA’s DOUBLEPULSAR Exploit Aids in Distributing New Monero Mining Malware

It has been a while since cybercirminals leveraged one of the many NSA exploits in circulation. It now turns out a new type of malware is making the rounds. This particular tool infects Windows computers with a cryptocurrency mining Trojan. The distribution of the malware is made possible thanks to the DOUBLEPULSAR exploit, which targets unsecured SMB services. It is a very simple backdoor, yet one that could cause a lot of damage.

Leveraging Another NSA Exploit for Cryptocurrency Mining

Over the past few years, we have seen multiple cryptocurrency mining malware types. Most of these tools are distributed through email spam campaigns and infect a computer with a malicious tool which will hijack computing resources to mine Bitcoin or other cryptocurrencies. Even though regular computer hardware will not net a lot of earnings, it doesn’t matter much if you don’t own the computer nor pay for the electricity being consumed.

The new cryptocurrency mining malware is called Trojan.BtcMine.1259. It has been in circulation for at least one full week, although this is merely an estimated period of time. As we would somewhat expect, this particular Trojan uses a well-known NSA exploit, which goes by the name of DOUBLEPULSAR. This particular exploit is one of the many backdoors used by the NSA in recent years. For now, it seems to mainly target Windows computers, even though the code can be modified to infect Linux servers as well.

It appears this new cryptocurrency mining trojan combines various existing malware libraries. It shows similarities to the Ghost RAT, among other things. Even though it has “Btc” in the name, this malware is not designed to mine Bitcoin whatsoever. Instead, it will try to mine Monero, a cryptocurrency which is quickly becoming popular among cybercriminals. This is mainly due to the anonymity and privacy traits Monero has to offer. Bitcoin lacks such features, to say the least.

Related Post

Even though this is a rather troublesome type of malware, there is some good news as well. The number of Windows machines vulnerable to the DOUBLEPULSAR exploit is on the decline. In fact, there are still 16000 vulnerable Windows machines to be found around the world. However, the number is a lot smaller compared to the number of victims made by the WannaCry ransomware. That particular attack leveraged the DOUBLEPULSAR exploit as well.

What is rather remarkable is how this Monero-mining malware performs a check to determine if the target computer has enough CPU resources. If this is not the case, the malware will go dormant again, and never resurface. If the computer is powerful enough to conduct mining operations however, the cryptocurrency mining payload will be downloaded as a result. One would expect criminals distributing cryptocurrency mining malware to just infect as many computers as possible. That does not appear to be the case where this particular Trojan is concerned.

It is evident cybercriminals are not done with cryptocurrency mining malware just yet. Using a well-known NSA exploit to distribute this Trojan is quite interesting, albeit it remains to be seen how successful this venture will be. A lot of computers do not have enough CPU resources to even mine Monero. Even if they do, the total earnings will be minimal, at best. It remains to be seen if we will see more advanced versions of cryptocurrency mining malware in the future.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Altcoin Alert: Crypto Market Cap Breaches Key Level Hinting at an 8000x Rally for this Shiba Inu Killer

Shiba Inu (SHIB) gave enormous returns in 2021, making many early holders millionaires. After the…

3 hours ago

XRP Crash? XRP Falls Below $0.5 Resistance Level as Next Gen Altcoin JetBolt Takes Over

Spooky season might be over but doom is still looming as Ripple’s XRP falls below…

6 hours ago

This New Exchange Token Is Poised for a Price Surge Alongside Cardano and Avalanche – Analysts Predict Huge Gains This November

Three promising altcoins are causing a stir among investors this November: Avalanche (AVAX), Cardano (ADA),…

6 hours ago

With Dogecoin Dipping and TRON Holding, Is Lunex the Hottest Crypto Now?  

Everyone knows what the hottest crypto can do. When it was so hot it was…

6 hours ago

Tron Fees To Be Cut In Half Through Proposal 95, Cutoshi Surpasses $600k As TRX Investors Join CUTO Presale

The Tron network has witnessed incredible growth in several areas, especially in its adoption, which…

7 hours ago

$Pepe Whale Sell-Off And Fund Transfers Stir Volatility In Meme Coin Market

Recently, major $PEPE holder Flow Traders transferred 520 billion $PEPE tokens—worth approximately $4.73 million—from address…

16 hours ago