Tag Archives: Monero

WannaMine – new cryptocurrency malware exposes failings of traditional anti-virus tools

Cryptocurrencies have hit the headlines again this week, but this time it is not for good reasons. Nicknamed “WannaMine”, a new malware variant has been taking over computers around the world, hijacking them to mine a cryptocurrency called Monero.

WannaMine was first discovered by Panda Security in October last year, but the malware is only just coming to the attention of the general public, thanks to a number of high-profile infections. But unlike other malware variants, WannaMine is proving particularly hard to detect and block.

What does WannaMine do?

At the most basic level, WannaMine has been designed to mine a cryptocurrency called Monero. The malware silently infects a victim’s computer, and then uses it to run complex decryption routines that create new Monero. The currency is then added to a digital wallet belonging to the hackers, ready to be spent whenever they choose.

This may sound relatively harmless, but the mining process takes priority over legitimate activities. An infected computer begins to slow down – a particularly frustrating experience for users.

What is the problem?

There are several serious problems with WannaMine. First, the way in which it tries to make maximum use of the processor and RAM places the computer under great strain. Eventually the computer will begin to fail, requiring costly repairs – or even complete replacement.

The second major problem is the way in which WannaMine spreads itself. Initially there is nothing unusual about the malware: users are tricked into downloading it via email attachments or infected websites. Once installed, however, WannaMine uses some very clever tricks to spread across the network.

By using two (important) built-in Windows tools – PowerShell and Windows Management Instrumentation – WannaMine tries to capture login details that allow it to connect to other computers remotely. If that technique fails, WannaMine then falls back on the same security exploit (EternalBlue) used by the WannaCry ransomware to spread itself.

Because it uses built-in Windows tools, WannaMine is being described as “fileless”, making it incredibly hard to detect and block. In fact, some reports suggest that many traditional anti-virus applications cannot detect WannaMine, or protect users against it.

Protecting against WannaMine

The only way to spot a WannaMine infection is by carefully monitoring the applications and services running on a computer, using a technique that Panda Security calls “Adaptive Defense”. Panda Security scans all incoming files and prevents infection before WannaMine can compromise a computer.

As well as having a robust, modern anti-virus application installed on all your computers, it is vital that they are all routinely updated and patched to close the loopholes used by malware. The EternalBlue exploit used by WannaMine and WannaCry was patched by Microsoft in March 2017 – but many Windows users have not applied the update, leaving themselves vulnerable.

Keeping your computer up-to-date and installing security tools like Panda Antivirus will help to block cryptocurrency malware before it can take over your computer. And as WannaMine shows – if your computer is infected, it may soon spread to other computers and devices on your network.

The post WannaMine – new cryptocurrency malware exposes failings of traditional anti-virus tools appeared first on Panda Security Mediacenter.


Not just Bitcoin: cryptocurrencies to keep an eye on

The boom over the past few months has piqued interest surrounding Bitcoin. Enthusiasts and miners have known about cryptocurrency for years, while everyone else is just now learning what it means to manage a digital portfolio, watch your loot grow, and, unfortunately, see sudden and unexpected drops in value. In just a few months, the […]

The post Not just Bitcoin: cryptocurrencies to keep an eye on appeared first on Avira Blog.


Adylkuzz, the cryptocurrency mining botnet that travels in the shadow of WannaCry

With its May 12 onslaught, the WannaCry (also known as WannaCrypt, WannaCrypt0r, or WCry) ransomware has generated numerous headlines. It does have all the elements of a good story: stockpiled vulnerabilities from a US spy agency, release from mysterious hacker group, widespread impact on individuals and hospitals around the globe, and even rumors that the […]

The post Adylkuzz, the cryptocurrency mining botnet that travels in the shadow of WannaCry appeared first on Avira Blog.


Weeks Before WannaCry, Cryptocurrency Mining Botnet Was Using Windows SMB Exploit

A security researcher has just discovered stealthy cryptocurrency-mining malware that was also using a Windows SMB vulnerability at least two weeks before the outbreak of the WannaCry ransomware attacks.

According to Kafeine, a security researcher at Proofpoint, another group of cyber criminals was using the same EternalBlue exploit, created by the NSA and dumped last month by the Shadow Brokers,
