Adylkuzz Uses WannaCry Exploits, Mines Monero Cryptocurrency

Security researchers at Proofpoint have just revealed that there was another attack that used the same exploits deployed in the global WannaCry ransomware outbreak. More specifically, Proofpoint researcher Kafeine says that the EternalBlue exploit has been used together with a backdoor known as DoublePulsar. Both were deployed in the WannaCry operation. Instead of ransomware, however, this other campaign was distributing cryptocurrency mining software identified as Adylkuzz.

Related story: Top 5 WannaCry Ransomware Mitigations to Adopt Now

Technical Details about Adylkuzz WannaCry

Proofpoint says that they discovered “another very large-scale attack using both EternalBlue and DoublePulsar to install the cryptocurrency miner Adylkuzz.”

Initial statistics suggest that this attack may be larger in scale than WannaCry, affecting hundreds of thousands of PCs and servers worldwide: because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry worm) via that same vulnerability, it may have in fact limited the spread of last week’s WannaCry infection.

The researchers believe that the Adylkuzz attack started between April 24 and May 2. Similar to the WannaCry ransomware campaign, this attack was also quite successful in targeting machines that had not yet installed the Microsoft updates from March that addressed the exploited vulnerabilities.

Adylkuzz Discovery

In the course of researching the WannaCry campaign, we exposed a lab machine vulnerable to the EternalBlue attack. While we expected to see WannaCry, the lab machine was actually infected with an unexpected and less noisy guest: the cryptocurrency miner Adylkuzz. We repeated the operation several times with the same result: within 20 minutes of exposing a vulnerable machine to the open web, it was enrolled in an Adylkuzz mining botnet.

Adylkuzz Symptoms

Loss of access to shared Windows resources and degradation of PC and server performance are among the top symptoms of this malware.

Several large organizations also reported network issues that were originally attributed to the WannaCry campaign, the researchers noted. The problems these organizations were having were most likely triggered by Adylkuzz activity, as there were no reports of ransom notes. Worse, this attack seems to be ongoing, and even though it has not received much attention, it is certainly “quite large and potentially quite disruptive”.

Related story: What Is “Ooops, Your Important Files Are Encrypted”

The Adylkuzz attack is initiated from several virtual private servers known to be massively scanning the Internet on TCP port 445 for potential victims. Once a machine is successfully exploited via EternalBlue, it is infected with the DoublePulsar backdoor. The next stage of the attack is the download and activation of Adylkuzz, which is fetched from another host. Once the malware is running, it first stops any instances of itself that are already running and then blocks SMB communication to avoid further infection, the researchers explain in their report.

Finally, Adylkuzz determines the public IP address of the victim and downloads the mining instructions, the cryptominer, and some cleanup tools. In addition, there are multiple Adylkuzz command and control servers hosting the cryptominer binaries and mining instructions at any time.

Adylkuzz Is Being Used to Mine Monero Cryptocurrency

Monero (XMR) is advertised as a secure, private, untraceable currency. It is open-source and freely available to all. With Monero, you are your own bank. According to Monero’s official website, only you control and are responsible for your funds, and your accounts and transactions are kept private from prying eyes.

Earlier this year, we wrote about the criminal potential of Monero, which had drawn the attention of the Federal Bureau due to the possibility of criminal exploits.

Related story: Is Monero Cryptocurrency the Next Bitcoin in Criminal Popularity?

Monero was launched in 2014 and has enhanced privacy features. It is a fork of the Bytecoin codebase and it uses identity-obscuring ring signatures. This is how the cryptocurrency conceals which funds have been sent in both directions – to whom and by whom.

The researchers say that they have identified more than 20 hosts set up to scan and attack. They are also aware of more than a dozen active Adylkuzz command and control servers. There are possibly many more Monero mining payment addresses and Adylkuzz command and control servers.

Because researchers from various security companies expect many more associated attacks to follow, it is highly recommended that both organizations and home users patch their systems immediately to avoid compromise.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project’s beginning. A professional with 10+ years of experience creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
