Wednesday May 17, 2017

Adylkuzz Cryptocurrency Mining Malware Spreading

"Good" malware is the kind the person is not even aware of, right? And "good" malware prevents the spread of other malware, right? The Proofpoint website has a write-up on the Adylkuzz malware, which is much like the WannaCry RansomWorm in that it spreads the same way. Instead of holding your data hostage in hopes of you giving up some Bitcoin to get your data back, Adylkuzz installs cryptocurrency mining software on your machine to mine Monero for its operators. Adylkuzz spreads using both the EternalBlue and DoublePulsar exploits.

Over the subsequent weekend, however, we discovered another very large-scale attack using both EternalBlue and DoublePulsar to install the cryptocurrency miner Adylkuzz. Initial statistics suggest that this attack may be larger in scale than WannaCry, affecting hundreds of thousands of PCs and servers worldwide: because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry worm) via that same vulnerability, it may have in fact limited the spread of last week’s WannaCry infection.

It seems that Adylkuzz has been in the wild since before we all got the WannaCry RansomWorm wake-up call, possibly since April 24th. So you may be into Monero cryptocurrency mining and not even be aware of it. See how easy mining is to get into? From what Proofpoint is citing in its article, I would guess that Adylkuzz is going to be much more successful on the money front than WannaCry.