New Fileless Cryptocurrency Miner Hits Windows Using EternalBlue Flaw

August 22nd, 2017 | Waqas | Malware

Cyber security firm Trend Micro’s research team has identified that the latest breed of cryptocurrency miner operates as fileless malware, meaning the malware exists only in the memory of the infected system. Its key targets are Windows-based systems; it uses the EternalBlue exploit to gain access to a system and, being fileless, finds it relatively easy to avoid detection.

The EternalBlue vulnerability is the same one used by the WannaCry ransomware back in May and by the mass ransomware campaign known as Petya, NotPetya, and GoldenEye, which targeted European regions in June.

According to the blog post from Trend Micro, the miner is so far affecting systems located in the Asia Pacific region, with the major target countries including Thailand, Indonesia, Japan, Taiwan, and India. The research team identified the miner in July.

Reportedly, the malware utilizes a core component of the Windows OS called Windows Management Instrumentation (WMI), which is used to perform routine management tasks. The infection enters a system via the EternalBlue vulnerability, which serves as a backdoor on Windows, and the attackers then install numerous WMI scripts. These scripts connect to the attacker’s C&C server to receive further instructions and download the cryptocurrency miner malware.

Microsoft has advised system administrators to limit or disable WMI to prevent the malware from infecting the system. This is not a difficult task, since the company maintains that not every system needs the WMI service; if WMI access is not needed, it is better to disable it in order to eliminate the risk.


Microsoft has also provided a tool that can trace WMI activity, and a quick guide on stopping the WMI service for good is available as well. To further reduce the probability of infection, the company advises disabling SMBv1. A patch for the EternalBlue vulnerability was released in March 2017.

Trend Micro stated that there are still a large number of systems that are at risk. It is, according to the security firm, important that users make sure “the operating system, software, and other applications are updated with the latest patches deters threats from using security gaps as their doorways into systems and networks.”

Fileless malware is indeed a complicated threat because it makes detection and forensic investigation very difficult. This is why threat actors are now producing fileless malware threats in large proportions.

Users can search the hard drive for the presence of malicious files, but even that isn’t enough, because this malware can only be captured in system memory. However, some Windows artifacts such as Shimcache, Prefetch, or MUICache may offer clues for an investigation. You can also configure Windows event logs to track system activity and provide helpful information.
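As an added example that is not from the article, Trend Micro or Microsoft, the following PowerShell check lets a defender enumerate the permanent WMI event subscriptions this kind of miner relies on (they live in the WMI repository rather than on disk), confirm whether SMBv1 is still enabled, and pull recent WMI-Activity log entries. It assumes Windows 8 / Server 2012 or later and an elevated Windows PowerShell session.

```powershell
# Added defender-side check (example only; not from the article or the vendors named in it).
# Assumes Windows 8 / Server 2012 or later and an elevated Windows PowerShell 5.1 session.

$ns = 'root\subscription'   # permanent WMI event subscriptions are stored here, not on disk

# 1. Event filters: the WQL trigger (e.g. a timer or a process-start event).
Get-WmiObject -Namespace $ns -Class __EventFilter |
    Select-Object Name, Query

# 2. Event consumers: the action. CommandLineEventConsumer runs a command line;
#    ActiveScriptEventConsumer runs VBScript/JScript held entirely in the repository.
Get-WmiObject -Namespace $ns -Class __EventConsumer |
    Select-Object Name, __CLASS, CommandLineTemplate, ScriptText

# 3. Bindings tie a filter to a consumer; an unexpected binding is the persistence itself.
Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding |
    Select-Object Filter, Consumer

# 4. SMBv1 status: EternalBlue targets SMBv1, so this should report False.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
# To disable it, as the article recommends:
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 5. WMI-Activity operational log: on Windows 10 / Server 2016 and later, event 5861
#    records the creation of a permanent event consumer binding. If the log is
#    disabled on the host, enable it first with:
#    wevtutil sl Microsoft-Windows-WMI-Activity/Operational /e:true
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-WMI-Activity/Operational'
    Id      = 5861
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

On PowerShell 7, replace Get-WmiObject with Get-CimInstance (-ClassName instead of -Class); note that the Filter and Consumer reference properties are then returned as objects rather than path strings.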
