
Malware based off an NSA security exploit is being used to mine cryptocurrency, and it's on the rise






Your PC might be making some criminal sweet, sweet cash, according to the findings of a cybersecurity firm.

You might remember the chaos caused by the WannaCry cybersecurity crisis last year, where a security exploit developed by the National Security Agency in the US was used to create a devastating ransomware attack on an international scale that affected over 230,000 computers in over 150 countries. Well, out of the fire of that nightmare has come a new exploit called WannaMine, with a completely different goal in mind: to covertly use infected computers and networks to mine cryptocurrency.

Cybersecurity firm Panda Security from Spain discovered WannaMine in October, and according to cybersecurity firm CrowdStrike, it has grown significantly since, potentially infecting tens of thousands of computers. Furthermore, it poses additional risks due to how it gains access to victim computers; it uses a two-pronged approach, stealing stolen logins to try and break in to a victim's computer via a tool called Mimikatz before resorting to the EternalBlue method of breaking into the victim's computer. According to CrowdStrike, WannaMine can infect a computer in an array of ways, ranging from a user clicking on a malicious link in an email or webpage to a targeted remote access attack by a hacker. Once the WannaMine script has infected a computer, it uses two normal Windows applications, PowerShell and Windows Management Instrumentation, to do its dirty work. This has disastrous implications, as antivirus software on the average user's computer will be unable to detect the malware due to it not leaving any files as a trace.


While it's well noted by mining aficionados that CPU mining has notoriously weak yields and is usually worth little, doing so on the scale of tens of thousands of infected computers and large mainframe networks can be much more profitable, and much more dangerous. Furthermore, WannaMine manages to bypass this obstacle by mining a cryptocurrency called Monero, which is popular with malware miners because it can be generated with consumer hardware like CPUs rather than expensive GPUs. While this may not have drastic implications for the average consumer aside from a noticeably slower PC, this exploit has proven disastrous for businesses and mainframes. The malware has led to multiple companies' computer and network infrastructure completely shutting down, leading to several days of downtime and lost work.

As cryptocurrency malware gets more efficient and harder to detect, it's likely that this will not be the last time we hear about criminals profiting significantly off of the suffering of the average, computer-illiterate user. While WannaMine can be removed on an individual system level, as of today no complete system patch for it exists, leaving millions of systems potentially vulnerable to being turned into nonconsensual mining rigs.


The key is this is based off EternalBlue. That malware last year, WannaCry, according to a report I read yesterday, infected 230,000 computers in 150 countries. That is really an insignificant number, except to those infected. The fix for that problem was to turn off Server Message Block (SMB) 1.0. Obviously there are people who didn't since this is using the same malware to infect the systems. However, based on the infections from a year ago, there should be a lot fewer with the WannaMine malware.


If you haven't disabled SMB 1.0, shame on you.  
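A defender-side script for the SMB 1.0 fix the reply above recommends, plus script block logging so the PowerShell stage the article describes leaves a trace in the event log. This is an added example, not code from the thread; it assumes Windows 10 / Server 2016 or later and an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): audit SMB 1.0 exposure, remove it, and
# turn on PowerShell script block logging. Assumes Windows 10 / Server 2016+.

function Get-Smb1Status {
    # Server-side switch: does this host still accept SMB1 connections?
    $serverAccepts = (Get-SmbServerConfiguration).EnableSMB1Protocol
    # OS component: are the SMB1 client/server binaries installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        ServerAccepts = $serverAccepts
        FeatureState  = $feature.State   # Enabled / Disabled / DisabledWithPayloadRemoved
        Exposed       = ($serverAccepts -or $feature.State -eq 'Enabled')
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMB 1.0')) {
        # Stop offering SMB1 to clients immediately (no reboot needed for this part).
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # Remove the SMB1 component itself; takes effect after the next reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

function Enable-ScriptBlockLogging {
    # Logs the content of every executed script block as event 4104 in
    # Microsoft-Windows-PowerShell/Operational, so "fileless" activity is still visible.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

$status = Get-Smb1Status
$status | Format-List
if ($status.Exposed) {
    Disable-Smb1 -WhatIf   # drop -WhatIf to actually apply the change
}
Enable-ScriptBlockLogging
```

On a domain, the same two settings (SMB1 removal and script block logging) are normally pushed by Group Policy rather than per host; this script is for checking and fixing an individual machine.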