HackRead

CryptoMining malware Adylkuzz using the same vulnerability as WannaCry

May 17th, 2017 | Jahanzaib Hassan | Security, Malware

WannaCry appears to have had a predecessor: malware that mined the cryptocurrency Monero by exploiting the same vulnerability in Windows’ Server Message Block (SMB) protocol.

Adylkuzz – another NSA enabled malware: According to researchers, the crypto-mining malware uses the same tool, EternalBlue, to exploit the same Microsoft Windows vulnerability as WannaCry. However, security experts from Proofpoint, who discovered the malware, found that Adylkuzz was enabled not only through EternalBlue but also through a backdoor called DoublePulsar. Essentially, EternalBlue and DoublePulsar were responsible for installing WannaCry on vulnerable computers.


Nevertheless, Adylkuzz uses both DoublePulsar and EternalBlue to get installed and is much subtler than WannaCry was. Once EternalBlue is executed on a vulnerable system, DoublePulsar automatically infects it and then downloads Adylkuzz from the relevant servers.

Adylkuzz also has more than one command-and-control (C&C) center. It blocks all SMB networking on the infected machine, which means that once it is in a system, no other malware using the same vulnerability can infect that system. It also does not spread to other vulnerable computers, since network sharing is completely disabled. As such, it is believed that Adylkuzz might have affected more computers than WannaCry.

What does Adylkuzz do? Primarily, the malware stops victims from using shared Windows resources and degrades the performance of their PCs. According to Proofpoint, Adylkuzz was used to mine Monero cryptocurrency, thereby rewarding the attackers with large sums of money. Proofpoint also showed that Adylkuzz was being executed from different addresses, implying that the attackers did not want payments to be traced back to a single address.
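The two symptoms described above (SMB sharing that stops working and a persistently slow PC) can be correlated across a fleet. The following is an added triage sketch, not code from Proofpoint or from this article; the record fields, the CPU threshold and the sample hosts are all constructed assumptions. It also shows why a scan that finds SMB closed is not by itself a sign of a healthy host.

```python
from dataclasses import dataclass
from typing import List

@dataclass
class HostObs:                 # hypothetical telemetry record (assumed fields)
    host: str
    smb_open_before: bool      # TCP 445 reachable in the earlier scan
    smb_open_now: bool         # TCP 445 reachable in the latest scan
    patched: bool              # Microsoft's SMB patch recorded in inventory
    change_logged: bool        # an admin change explains any SMB change
    cpu: List[int]             # recent CPU utilisation samples, percent

def sustained_high_cpu(samples, threshold=85, min_fraction=0.8):
    """True when at least min_fraction of samples reach threshold (assumed values)."""
    if not samples:
        return False
    high = sum(1 for s in samples if s >= threshold)
    return high / len(samples) >= min_fraction

def triage(o):
    # SMB went away and nobody recorded a reason: the blocking symptom.
    smb_vanished = o.smb_open_before and not o.smb_open_now and not o.change_logged
    if smb_vanished:
        # Add the mining symptom (sustained CPU load) to raise priority.
        return "investigate" if sustained_high_cpu(o.cpu) else "review"
    if o.smb_open_now and not o.patched:
        return "patch"         # still exposed to the SMB vulnerability
    return "ok"

# Constructed sample data, not real measurements.
SAMPLE = [
    HostObs("ws-01", True, False, False, False, [97, 99, 95, 98, 96]),
    HostObs("ws-02", True, True, False, False, [12, 30, 8, 15, 22]),
    HostObs("ws-03", True, False, True, True, [10, 14, 9, 90, 11]),
    HostObs("ws-04", True, False, False, False, [20, 18, 25, 17, 22]),
]

def run(sample=SAMPLE):
    return {o.host: triage(o) for o in sample}

if __name__ == "__main__":
    for host, verdict in run().items():
        print(host, verdict)
```
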


Adylkuzz predates WannaCry: Reports say that Adylkuzz might have been infecting systems since April 24 using the NSA tools leaked by the hacker group called the Shadow Brokers, and therefore precedes WannaCry, which appeared on May 12. This was discovered when experts tested a machine vulnerable to the EternalBlue attack, and instead of seeing WannaCry, they saw Adylkuzz.

Such attacks may be possible in the future: Experts say that further attacks using the same vulnerability and NSA tools may be possible in the future. This is indeed a convoluted situation, with Microsoft blaming the NSA for not informing it about any of these vulnerabilities in the past.

Whether the NSA did it on purpose or was just negligent about it, the ultimate price is being paid by civilians who had no clue about the flaws. All one can do is keep one’s PC updated and install the SMB patch released by Microsoft last month.


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.