After the massive “Wanna Crypt” ransomware attack that exploited a vulnerability in Microsoft software and hit 150 countries, the same Windows vulnerability (MS17-010) has also been exploited to spread another type of malware, one that is quietly but quickly generating digital cash from the machines it has infected.
According to a report on Wednesday, tens of thousands of computers globally have been affected by the “Adylkuzz” attack, which targets machines, lets them keep operating and only slows them down while it generates digital cash, or “Monero” cryptocurrency, in the background.
“Monero” — being popularised by North Korea-linked hackers — is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation and scalability. It is an alternative to Bitcoin and is being used for trading in drugs, stolen credit cards and counterfeit goods.
“Initial statistics suggest that this attack may be larger in scale than WannaCrypt, because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCrypt worm) via that same vulnerability,” researchers at US-based cyber security firm Proofpoint were quoted as saying in the report.
This is how a cryptocurrency attack works. The hackers need to mine cryptocurrency using computers or other computing devices (IoT included). “Mining of cryptocurrency simply means solving complex cryptography problems designed within the algorithm of a cyber-currency that requires a lot of computing,” said Saket Modi, CEO and Co-founder of Delhi-based IT risk assessments provider Lucideus.
According to reports, the “Adylkuzz” attack is still growing. “Once infected through use of the ‘EternalBlue’ exploit, the cryptocurrency miner ‘Adylkuzz’ is installed and used to generate cybercash for the attackers,” Robert Holmes, Vice President of products at Proofpoint, was quoted as saying.
According to experts, “Adylkuzz” began its attack on or before May 2, more than a week before “Wanna Crypt” arrived and hit 150 countries, including India. “Indications are that the crooks behind ‘Adylkuzz’ have generated a lot more money than the ‘Wanna Crypt’ ransomware fiends,” the report noted.