After ‘WannaCry’ attack, Windows flaw now leading to rapid generation of digital money from infected machines
The Microsoft Windows flaw (MS17-010) exploited by the ransomware ‘WannaCry’ is now being used to spread another type of virus, one that quickly generates digital cash from infected machines.
The latest virus attack is called “Adylkuzz” and has already affected tens of thousands of computers globally, according to a report in The Registrar on Wednesday.
The report states that an affected machine continues to operate but generates digital cash, the “Monero” cryptocurrency, in the background.
"Monero", which is being popularised by North Korea-linked hackers, is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation and scalability.
It is an alternative to Bitcoin and is being used for trading in drugs, stolen credit cards and counterfeit goods.
"Initial statistics suggest that this attack may be larger in scale than WannaCry, because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry worm) via that same vulnerability," researchers at US-based cyber security firm Proofpoint were quoted as saying in the report.
"Once infected through use of the 'EternalBlue' exploit, the cryptocurrency miner 'Adylkuzz' is installed and used to generate cybercash for the attackers," Robert Holmes, Vice President of products at Proofpoint, was quoted as saying.
Experts are still not sure when Adylkuzz began, but assume that it attacked a week after “WannaCrypt” arrived, around May 2.
"Indications are that the crooks behind 'Adylkuzz' have generated a lot more money than the 'WannaCrypt' ransomware fiends," the report noted.
"Unlike ransomware, no demands for money are made of victims. The malware is deliberately stealthy; users will only notice their Windows machine is running slowly and that they don't have access to shared Windows resources," the researchers said.
"Cybercriminals intrigued by the currency's promises of greater anonymity are using it more often on black markets," it said.