- We detected a malware that uses multiple propagation and infection methods to drop a Monero cryptocurrency miner onto as many systems and servers as possible.
- Initially observed in China in early 2019, the methods it previously used to infect networks involved accessing weak passwords and using pass-the-hash technique, Windows admin tools, and brute force attacks with publicly available codes.
- Once a machine is infected via one of the methods, the malware acquires the MAC address and collects information on the anti-virus products installed in the machine.
- It leverages weak passwords in computer systems and databases, targets legacy software that companies may still be using, uses PowerShell-based scripts with components downloaded and executed in memory, exploits unpatched vulnerabilities, and installs using the Windows startup folder and the task scheduler.
- The post Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse appeared first on .
Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse - TrendLabs Security Intelligence Blog
12 April 2019 6:26 AM GMT