bitcoin miner malware

A security researcher has discovered a stealthy cryptocurrency-mining malware that was also exploiting the Windows SMB vulnerability at least two weeks before the outbreak of the WannaCry ransomware attacks.

According to Kafeine, a security researcher at Proofpoint, another group of cyber criminals was using the same EternalBlue exploit, created by the NSA and dumped last month by the Shadow Brokers, to infect hundreds of thousands of computers worldwide with a cryptocurrency mining malware called 'Adylkuzz.'

This malicious campaign went unnoticed for weeks because, unlike WannaCry, this malware does not install ransomware or notify victims; instead, it quietly infects unpatched computers with malware that only mines 'Monero,' a Bitcoin-like cryptocurrency.

This Malware Saves Computers From Getting Hacked By WannaCry

The researcher believes the Adylkuzz malware attack could be larger in scale than the WannaCry ransomware attack because it has been designed to block SMB ports of a targeted computer after hijacking it.

In other words, Adylkuzz malware infects unpatched computers and then closes their SMB ports to prevent further infections, which may have indirectly saved hundreds of thousands of computers from getting hacked by WannaCry ransomware as well.

Mining cryptocurrencies can be a costly investment as it requires an enormous amount of computing power, but the Adylkuzz cryptocurrency-mining malware makes it easier for cybercriminals by allowing them to use the computing resources of compromised systems and make lots and lots of dollars.

"Once infected through use of the EternalBlue exploit, the cryptocurrency miner Adylkuzz is installed and used to generate cybercash for the attackers," said Robert Holmes, vice president of products at Proofpoint.

One Monero is currently valued at around US$26.77.

"While an individual laptop may generate only a few dollars per week, collectively the network of compromised computers appears to be generating five-figure payouts daily," the researchers added.

According to Proofpoint, tens of thousands of computers across the world have been infected by the Adylkuzz malware.

Despite people's efforts to patch their systems to protect themselves from the WannaCry menace, Proofpoint believes the Adylkuzz attack is still growing and targeting Windows machines.

Last week, in separate research, GuardiCore researchers uncovered a new botnet malware, dubbed BondNet, that was also infecting Windows machines worldwide, with a combination of techniques, for mining cryptocurrencies, primarily Monero, but also ByteCoin, RieCoin, and ZCash.

If this isn't enough, you'll find yourself worried to learn that the hacking group Shadow Brokers, who last month leaked the Windows SMB exploit, is back, promising to release more zero-day vulnerabilities and exploits starting from June.

So, the best way to keep yourself safe is, instead of worrying about your devices, to patch them with the latest updates and follow some basic security tips that I have mentioned in my previous article about how to disable SMB and protect your machines from WannaCry, cryptocurrency mining malware, and other malware.

A malware variant named Mal/Miner-C (also known as PhotoMiner) is infecting Internet-exposed Seagate Central Network Attached Storage (NAS) devices and using them to infect connected computers to mine for the Monero cryptocurrency.

Miner-C, or PhotoMiner, appeared at the start of June 2016, when a report revealed how this malware was targeting FTP servers and spreading on its own to new machines thanks to worm-like features that attempted to brute-force other FTP servers using a list of default credentials.

This same functionality is still present in the latest Miner-C version, but security researchers from Sophos say that recent Miner-C iterations are using a design flaw in the Seagate Central NAS devices to place a copy of itself on their public data folders.

NAS devices, which are network-connected hard drives, allow users to access files from the local network, but also via the Internet if the administrator chooses to open the NAS drive for remote access.

According to Sophos, Seagate Central devices contain a public folder accessible to all users, even anonymous non-logged-in users, which can't be deactivated or deleted.

Miner-C is copying files to this public folder on all Seagate Central NAS devices it can find. One of the files it copies is called Photo.scr, a script file that malware coders have modified to use a standard Windows folder icon.

Because Windows has a bad habit of hiding file extensions, whenever the device owner accesses their NAS, they see this file as a folder, fooled by the fake icon. When they try to access the folder, they're actually executing the Photo.scr file, which installs a cryptocurrency mining application on their PC.

Miner-C also features a modular structure made of different parts that do different things, and it uses a unique method of loading its config file.

"Since it generates a new initialization file when it is launched, it helps the malware avoid security solutions.It also gives the botnet operators a chance to change the payload of the threat in the future, for example, dropping ransomware to the victim's machine after the mining business is no longer profitable," the Sophos team explains in a technical report.Right now, Monero is one of the most profitable cryptocurrencies from when it comes to mining operations.While Bitcoin mining difficulty has increased many times over the years, PC-based Bitcoin mining has ceased to be profitable in 2012 and is currently only an option if you're using special hardware and dedicated data centers.Monero is one of the few cryptocurrencies that can still be mined using regular PCs, hence the reason the crooks chose it.According to telemetry data Sophos researchers gathered, Miner-C has infected around 70 percent of all Seagate Central NAS devices available on the Internet.Researchers discovered around 7,000 Seagate Central NAS devices connected to the Internet, which means crooks managed to infect around 5,000 such devices.