NSA Exploit Now Powering Cryptocurrency Mining Malware

You may have been asked if you’d like to try your hand at mining cryptocurrency. You may have declined, citing the shortage of graphics cards or perhaps wary that you were being coaxed into an elaborate Ponzi scheme. So much for opting out. Thanks to the NSA, you may be involved in mining cryptocurrency, but you’re likely not seeing any of the benefits.

A computer security exploit developed by the US National Security Agency and leaked by hackers last year is now being used to mine cryptocurrency, and according to cybersecurity experts the number of infections is rising.

The good news is you won’t have to cough up a ransom to retake control of your computer. The bad news is this doesn’t guarantee you’ll have a functioning computer.

This new attack—called WannaMine—may seem like less of a threat than WannaCry because it doesn’t lock users out of their computer. But CrowdStrike noted in a blog post laying out its findings on WannaMine that the company has observed the malware “rendering some companies unable to operate for days and weeks at a time.” WannaMine infections are also hard to detect because it doesn’t download any applications to an infected device.

This is the path the NSA’s malware has taken: from worldwide ransomware to drive-by installations of mining software. The route to infection is still the standard route: malicious links. Once inside, the malware co-opts your processor for cryptocurrency mining. If your computer happens to be part of a network, the infection will spread to connected computers, turning entire businesses into someone else’s side hustle.

The “fun” part is even patched systems can be infected. The NSA’s EternalBlue exploit may no longer work, but an attached tool called Mimikatz can still root around for login passwords to continue spreading the malware. The damage isn’t theoretical.

For companies hit by WannaMine at scale though, the cumulative effects can be disastrous, [Bryan] York [director of CrowdStrike] told me. He cited a client that recently came to CrowdStrike for help after their network was infected by WannaMine, which York said was using so much CPU power that it totally shut down their service.

“The implications of cryptocurrency mining aren’t just, ‘Oh darn, I lost some of my CPU,’” York said. “It’s actually getting in the way of how businesses conduct their operations and causing down time.”

While this isn’t the first crypto miner based on NSA exploits to hijack users’ computers, it’s the hardest to track down and kill. It contains no application files, relying on Windows tools to perform the dirty work. With no files written to disk, it is all but invisible. And, unlike ransomware, there’s no way to pay someone to stop using your CPU to mine Monero. You can’t even buy your way out of the problem.

This won’t be the last we’ll see of malicious software built on NSA hacking tools. It will serve as a continual reminder of the government’s untrustworthiness when it comes to secure computing, mass harvesting of data, and security tradeoffs performed without the input of the majority of stakeholders.

(Counterpoint via @dril: maybe NSA-enabled crypto mining hijacking is the most patriotic thing there is.)

Muhammad Irfan Raza
Irfan Raza is Editor at TechWafer covering Everything about Apple including Mac, iPhones, iMac, iMac Pro, MacBook, and How-tos.
