The set of NSA spying tools released to the world by the Shadow Brokers in 2017 is paying dividends for cybercriminals.
The latest application of the NSA tool EternalBlue is in a piece of malware awkwardly named Smominru.
While the name is clumsy, the malware is not. According to a researcher at Proofpoint known as Kafeine, as many as 526 000 Windows machines are infected with the malware, many of which are servers.
The currency of choice for the mining malware is Monero, and it manages to net a tidy sum. “The operators had already mined approximately 8,900 Monero. Each day, the botnet mined roughly 24 Monero,” said Proofpoint.
That’s a total of $1,9 million mined and $5 241 in Monero mined per day.
The security solutions firm goes on to say that it has observed 25 nodes spreading the Smominru malware using the EternalBlue exploit. This sneaky NSA tool released by Shadow Brokers was also used in both the NotPetya and WannaCry ransomware attacks in 2017.
As you may be aware, mining cryptocurrency can severely hamper a computer’s performance for anything else while also driving up electricity use. For a business with an army of PCs this could be disastrous, and Proofpoint says it’s not going away anytime soon.
“Given the significant profits available to the botnet operators and the resilience of the botnet and its infrastructure, we expect these activities to continue, along with their potential impacts on infected nodes. We also expect botnets like that described here to become more common and to continue growing in size,” concluded the firm.
So if you notice your PC’s performance at work slow down today while CPU usage goes up, inform your IT team immediately.

[Source – Proofpoint]