The attack could have been averted through a technique called subresource integrity, according to researcher Scott Helme.
Crypto mining botnets provide a stealthy way to generate big bucks, without the downsides of ransomware.
Cryptocurrencies have hit the headlines again this week, but this time it is not for good reasons. Nicknamed “WannaMine”, a new malware variant has been taking over computers around the world, hijacking them to mine a cryptocurrency called Monero.
WannaMine was first discovered by Panda Security in October last year, but the malware is only just coming to the attention of the general public, thanks to a number of high profile infections. But unlike other malware variants, WannaMine is proving particularly hard to detect and block.
What does WannaMine do?
At the most basic level, WannaMine has been designed to mine a cryptocurrency called Monero. The malware silently infects a victim’s computer, and then uses it to run complex decryption routines that create new Monero. The currency is then added to a digital wallet belonging to the hackers, ready to be spent whenever they choose.
This may sound relatively harmless, but the mining process takes priority over legitimate activities. An infected computer begins to slow down – a particularly frustrating experience for users.
What is the problem?
There are several serious problems with WannaMine. First, the way in which it tries to make maximum use of the processor and RAM places the computer under great strain. Eventually the computer will begin to fail, requiring costly repairs – or even complete replacement.
The second major problem is the way in which WannaMine spreads itself. Initially there is nothing unusual about the malware – users are tricked into downloading it via email attachments or infected websites. Once installed, however, WannaMine uses some very clever tricks to spread across the network.
By using two important built-in Windows tools – PowerShell and Windows Management Instrumentation (WMI) – WannaMine tries to capture login credentials that allow it to connect to other computers remotely. If that technique fails, WannaMine falls back on the same security exploit (EternalBlue) that the WannaCry ransomware used to spread itself.
Because it uses built-in Windows tools, WannaMine is being described as “fileless”, making it incredibly hard to detect and block. In fact, some reports suggest that many traditional anti-virus applications cannot detect WannaMine, or protect users against it.
Protecting against WannaMine
The only way to spot a WannaMine infection is by carefully monitoring the applications and services running on a computer, using a technique that Panda Security calls “Adaptive Defense”. Panda Security scans all incoming files and prevents infection before WannaMine can compromise a computer.
As well as having a robust, modern anti-virus application installed on all your computers, it is vital that they are all routinely updated and patched to close the loopholes used by malware. The EternalBlue exploit used by WannaMine and WannaCry was patched by Microsoft in March 2017 – but many Windows users have not applied the update, leaving themselves vulnerable.
Keeping your computer up-to-date and installing security tools like Panda Antivirus will help to block cryptocurrency malware before it can take over your computer. And as WannaMine shows – if your computer is infected, it may soon spread to other computers and devices on your network.
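Monitoring "the applications and services running on a computer" for fileless activity usually means looking at process-creation telemetry. The following is an added example (not Panda Security's code or a description of its product): it scans constructed, Sysmon-style process-creation records and flags PowerShell launched under the WMI provider host, or started with flags that hide its window or pass an encoded command. The parent/child heuristic and the log format are assumptions of this example, not facts from the article.

```python
import re
from dataclasses import dataclass

# Constructed sample events (not real logs), one per line, tab-separated:
# parent image, child image, child command line.
SAMPLE_EVENTS = (
    "C:\\Windows\\explorer.exe\tC:\\Windows\\System32\\notepad.exe\tnotepad.exe report.txt\n"
    "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe\t"
    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\t"
    "powershell.exe -NoP -W Hidden -Enc SQBFAFgA\n"
    "C:\\Windows\\System32\\cmd.exe\t"
    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\t"
    "powershell.exe -File build.ps1\n"
    "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe\t"
    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\t"
    "powershell.exe Get-Date\n"
)

WMI_HOST = "wmiprvse.exe"                      # WMI provider host process
POWERSHELL = ("powershell.exe", "pwsh.exe")
# Command-line flags that are legitimate but common in hands-off, hidden execution.
SUSPICIOUS_FLAGS = {
    r"-e(nc|ncodedcommand)?\b": "encoded command",
    r"-w(indowstyle)?\s+hidden\b": "hidden window",
    r"-nop(rofile)?\b": "profile bypass",
}

@dataclass
class Finding:
    line_no: int
    reasons: list

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def scan(log_text: str) -> list:
    """Return one Finding per PowerShell launch that matches at least one heuristic."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        parts = line.split("\t")
        if len(parts) != 3:
            continue                           # malformed record: skip, do not crash
        parent, child, cmdline = parts
        if basename(child) not in POWERSHELL:
            continue
        reasons = []
        if basename(parent) == WMI_HOST:       # PowerShell started via WMI, the WannaMine pattern
            reasons.append("powershell spawned by WMI provider host")
        for pattern, label in SUSPICIOUS_FLAGS.items():
            if re.search(pattern, cmdline, re.IGNORECASE):
                reasons.append(label)
        if reasons:
            findings.append(Finding(line_no, reasons))
    return findings
```

Ordinary PowerShell use (line 3 of the sample, launched from cmd.exe with a script file) produces no finding, so the heuristic stays focused on the fileless pattern rather than on PowerShell in general.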
The post WannaMine – new cryptocurrency malware exposes failings of traditional anti-virus tools appeared first on Panda Security Mediacenter.
The boom over the past few months has piqued interest surrounding Bitcoin. Enthusiasts and miners have known about cryptocurrency for years, while everyone else is just now learning what it means to manage a digital portfolio, watch your loot grow, and, unfortunately, see sudden and unexpected drops in value. In just a few months, the […]
The post Not just Bitcoin: cryptocurrencies to keep an eye on appeared first on Avira Blog.
The Equifax data breach saga so far, a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords are all discussed.
A cryptocurrency miner surfaced on The Pirate Bay for a day over the weekend.
With its May 12 onslaught, the WannaCry (also known as WannaCrypt, WannaCrypt0r, or WCry) ransomware has generated numerous headlines. It does have all the elements of a good story: stockpiled vulnerabilities from a US spy agency, release by a mysterious hacker group, widespread impact on individuals and hospitals around the globe, and even rumors that the […]
The post Adylkuzz, the cryptocurrency mining botnet that travels in the shadow of WannaCry appeared first on Avira Blog.
A security researcher has just discovered a stealthy cryptocurrency-mining malware that was also using the Windows SMB vulnerability at least two weeks before the outbreak of the WannaCry ransomware attacks.
According to Kafeine, a security researcher at Proofpoint, another group of cyber criminals was using the same EternalBlue exploit, created by the NSA and dumped last month by the Shadow Brokers,