Home > Cyber News > WannaMine – Cryptoworm That Mines Monero by Force

WannaMine – Cryptoworm That Mines Monero by Force

WannaMine is the name of the latest malware attack that uses the NSA exploit “EternalBlue”. Malware researchers from Panda Security were first to discover it back in October last year. The WannaMine malware uses two Windows in-built tools – PowerShell and WMI (Windows Management Instrumentation) to execute commands on an infected computer system.

Similar to the infamous Bitcoin miner virus, WannaMine is in actuality a crypto-worm designed to use a computer’s CPU (Central Processor Unit) and other resources to mine the Monero cryptocurrency for malicious authors. Researchers discovered that this worm utilizes Mimikatz – a program that can obtain a user’s credential which could be used for lateral movements from one machine to another. In case that technique does not work, the EternalBlue exploit is triggered as a backup spreading tactic.

Related Story: Microsoft Edge Application Guard Will Protect against the Mimikatz Tool

What Does the WannaMine Worm Do Once It Infects?

The malicious code implements “living off the land” techniques to gain persistence on an infected computer machine by getting access to the WMI service (Windows Management Instrumentation) for constant event subscriptions. WannaMine registers a permanent event subscription that would execute a PowerShell command located in the Event Consumer each ninety minutes.

Due to the high percentage of CPU utilization, the worm can cause crashes of software programs on the compromised computer device as well as crashes of the Operating System. Security analysts state that the malicious code of the cryptocurrency worm is highly sophisticated making it a big threat because of its preservation techniques. The EternalBlue exploit keeps being used due to its effectiveness. If you remember the WannaCry attack used that exploit for the first time back in May, 2017 and only a month after that, at least three malware threats followed suit. And although WannaMine may not be as a serious threat as WannaCry, the crypto-worm could still cause a 100% CPU utilization making the system inoperable again.

Related Story: Crypto Ransomworm, the Ultimate Ransomware Infection of 2017?

As the WannaMine worm is rather fileless it is quite difficult to get detected by security programs and even harder to remove. If the malware runs for several hours it can damage computers to a high degree. However, a security program could prevent at last some of the actions of such a malware and alert you about irregularities going on in your computer device. You should keep your system updated with the latest security patches for your operating system as well as updating programs on a regular basis.

We highly recommend that all computer users scan their system for active infections and malware using a security software. That could prevent many malicious actions and stop further distribution of malware.


Malware Removal Tool

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree