WannaMine: A New Threat on the Rise
As attacks continue to grow in sophistication, calling them a catalyst for a booming business would not be hyperbole. EternalBlue, the security exploit created by the NSA and leaked by hackers last year, is now being used to mine cryptocurrency.
Last year it was used to unleash the devastating global ransomware WannaCry, which infected approx. 300,000 computers across 150 countries, and this year it is being used by a new worm dubbed WannaMine. Since its leak, hackers have used the exploit in different ways to infect machines worldwide. Because WannaMine works in stealth mode, it is hard to take any action against it.
What is WannaMine?
The name says a lot about the worm. It is fileless cryptojacking malware that hijacks a victim’s PC to mine cryptocurrency. Unlike WannaCry, it doesn’t lock users out of their machines. Relaxed after knowing this? Don’t be, as WannaMine is more dangerous and can infect a machine in several ways. It can arrive when a user clicks a malicious link in an email or on a webpage, or through a targeted remote access attack. Furthermore, as it works silently in the background, it is hard for an antivirus program to identify it.
How does it work?
The WannaMine script uses two built-in Windows components: Windows Management Instrumentation (WMI), for remote access, and PowerShell. The worm doesn’t rely on EternalBlue alone; it also uses a tool called Mimikatz to steal users’ credentials, which the attacker can then use to move across the network. Only if that fails is EternalBlue used to break in. In other words, WannaMine will try to infect your system come what may: if your computer is protected against EternalBlue, it will use the credentials stolen by Mimikatz to infect systems on the network.
WannaMine uses the CPU of the infected machine to mine the cryptocurrency Monero in the background. An average user won’t be able to recognize that the machine is infected, because the only difference they will notice is in the system’s speed.
Another important point: WannaMine doesn’t demand any money. The attackers are already making money from the victim’s CPU, so why demand a ransom?
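Because the worm runs through WMI and PowerShell rather than dropping a file, defenders can look for that pairing in process-creation logs. The Python below is an added example, not part of the original article and not WannaMine code; the event field names and sample events are constructed assumptions, and the parent check relies on WMI-launched processes running under WmiPrvSE.exe.

```python
import base64
import ntpath
import re

HIDDEN = re.compile(r"\s-w\w*\s+hidden", re.I)                  # -W / -WindowStyle Hidden
ENCODED = re.compile(r"\s-e\w*\s+([A-Za-z0-9+/=]{16,})", re.I)  # -E / -EncodedCommand <b64>
# Constructed sample events; the field names are assumptions, not a real log schema.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WMI = r"C:\Windows\System32\wbem\WmiPrvSE.exe"
B64_SAMPLE = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": WMI, "image": PS,
     "cmdline": f"powershell.exe -NoP -NonI -W Hidden -E {B64_SAMPLE}"},
    {"host": "ws-02", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"host": "ws-03", "parent": WMI, "image": PS,
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Admin\patch.ps1"},
]

def decode_encoded_command(cmdline):
    """Return the script carried in a base64 (UTF-16LE) argument, or None."""
    match = ENCODED.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # not base64, or not UTF-16LE text
        return None

def triage(event):
    """List the reasons a PowerShell process-creation event looks suspicious."""
    if ntpath.basename(event["image"]).lower() not in ("powershell.exe", "pwsh.exe"):
        return []
    reasons = []
    if ntpath.basename(event["parent"]).lower() == "wmiprvse.exe":
        reasons.append("spawned-by-wmi")
    if HIDDEN.search(event["cmdline"]):
        reasons.append("hidden-window")
    if decode_encoded_command(event["cmdline"]) is not None:
        reasons.append("encoded-command")
    return reasons

def hunt(events):
    """Return (host, reasons, decoded script) for every WMI-launched PowerShell."""
    return [(e["host"], triage(e), decode_encoded_command(e["cmdline"]))
            for e in events if "spawned-by-wmi" in triage(e)]

if __name__ == "__main__":
    print(*hunt(SAMPLE_EVENTS), sep="\n")
```

A hit with only the spawned-by-wmi reason, like ws-03 here, can be legitimate remote administration; hidden windows and encoded commands on top of it are what raise the priority.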
Wrap Up: Once again, this new worm clearly illustrates how sophisticated and professional hackers are becoming. They are using advanced techniques for small tasks like mining Monero, so you can well imagine what more they could do in future. It’s just a matter of time before things go out of control. To avoid facing such a situation, we should all work together as hackers do. There is no sense in fighting these attackers alone; we all need to stand together and defeat them. Not only organizations need to be cautious; individuals have to be careful too.