WannaMine is the name of the latest malware attack that uses the NSA exploit “EternalBlue”. Malware researchers from Panda Security were first to discover it back in October last year. The WannaMine malware uses two Windows in-built tools – PowerShell and WMI (Windows Management Instrumentation) to execute commands on an infected computer system.
Similar to the infamous Bitcoin miner virus, WannaMine is in actuality a crypto-worm designed to use a computer’s CPU (Central Processor Unit) and other resources to mine the Monero cryptocurrency for malicious authors. Researchers discovered that this worm utilizes Mimikatz – a program that can obtain a user’s credential which could be used for lateral movements from one machine to another. In case that technique does not work, the EternalBlue exploit is triggered as a backup spreading tactic.
What Does the WannaMine Worm Do Once It Infects?
The malicious code implements “living off the land” techniques to gain persistence on an infected computer machine by getting access to the WMI service (Windows Management Instrumentation) for constant event subscriptions. WannaMine registers a permanent event subscription that would execute a PowerShell command located in the Event Consumer each ninety minutes.
Due to the high percentage of CPU utilization, the worm can cause crashes of software programs on the compromised computer device as well as crashes of the Operating System. Security analysts state that the malicious code of the cryptocurrency worm is highly sophisticated making it a big threat because of its preservation techniques. The EternalBlue exploit keeps being used due to its effectiveness. If you remember the WannaCry attack used that exploit for the first time back in May, 2017 and only a month after that, at least three malware threats followed suit. And although WannaMine may not be as a serious threat as WannaCry, the crypto-worm could still cause a 100% CPU utilization making the system inoperable again.
As the WannaMine worm is rather fileless it is quite difficult to get detected by security programs and even harder to remove. If the malware runs for several hours it can damage computers to a high degree. However, a security program could prevent at last some of the actions of such a malware and alert you about irregularities going on in your computer device. You should keep your system updated with the latest security patches for your operating system as well as updating programs on a regular basis.
We highly recommend that all computer users scan their system for active infections and malware using a security software. That could prevent many malicious actions and stop further distribution of malware.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
