Categories: CryptocurrencyTechnology

WannaMine: Cryptocurrency Mining Malware That Uses An NSA Exploit



WannaMine Malware That Uses NSA Exploit To Mine Cryptocurrencies Is On The Rise

The recent months have seen an increase in cyberattacks using cryptocurrency-mining tools, which has now become one of the main security threats.

In April last year, the ‘EternalBlue’ exploit, formerly owned by the US National Security Agency (NSA), was leaked to the public by hacking group Shadow Brokers. This exploit was then used as a base in the WannaCry virus that infected more than 230,000 computers running the Microsoft Windows operating system in 150 countries in May 2017.

Now, researchers at CrowdStrike, a cybersecurity company, have discovered a new strain of malware that uses the ‘EternalBlue’ exploit, to hijack victims’ computers and CPU processing power to secretly mine cryptocurrency in a new attack dubbed WannaMine.

“CrowdStrike has observed more sophisticated capabilities built into a cryptomining worm dubbed WannaMine. This tool leverages persistence mechanisms and propagation techniques similar to those used by nation-state actors,” the researchers said in a blog post published on January 25.

“WannaMine employs ‘living off the land’ techniques such as Windows Management Instrumentation (WMI) permanent event subscriptions as a persistence mechanism. It also propagates via the EternalBlue exploit popularized by WannaCry.”

This WannaMine malware is quite similar to the one detected by Panda Security in October last year, which was also based on EternalBlue exploit and used by the infected computer to undermine Monero, in that case.



According to the new report, WannaMine can infect a computer in several ways, such as clicking a malicious link in an email or website, or through remote access attack on the victim. In most cases, the victim will not notice anything, except that the computer runs slower.

This malware is complex to attack for companies, as it does not need to download any type of file to infect the computer. Since WannaMine is a fileless operation and uses legitimate system software system software such as WMI and PowerShell to run, it makes it nearly impossible for organizations to detect and block it without some form of next-generation antivirus. However, WannaMine doesn’t immediately look to force the EternalBlue exploit.

It first uses a tool called “MimiKatz” to recover logins and passwords from system memory and try to infiltrate the system once. If that fails, WannaMine turns to the EternalBlue exploit to complete the task and break in.

Once the attack is successful, WannaMine quietly uses the CPU processing power to generate Monero coins in the background. “The WannaMine worm uses advanced techniques to maintain persistence within an infected network and move laterally from system to system,” the researchers said. “In one case, a client informed CrowdStrike that nearly 100% of its environment was rendered unusable due to overutilisation of systems’ CPUs.”

According to CrowdStrike specialists, the number of attacks has increased sharply since the beginning of 2018, and one can expect to see much more cryptomining activity in the coming months, resulting in business disruptions and downtime.

Kavita Iyer

An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human

Recent Posts

  • Laws and Legalities
  • The Pirate Bay

The Pirate Bay And Other Sites Ordered To Be Blocked By ISP Telia

ISP Telia has been ordered by the court to block The Pirate Bay, Fmovies, Dreamfilm, and other sites Telia, an internet service…

13 hours ago
  • Security news
  • Windows 10

Windows 10 October 2018 Update Build 17763.104 released to Insiders with fixes

Patched Windows 10 October 2018 Update Build 17763.104 Released To Slow And Release Preview Rings Microsoft is currently rolling out…

14 hours ago
  • Guide

DNS_Probe_Finished_No_Internet fix for the chrome browser

Ignoring the fact that you love playing with this dinosaur, having it while browsing the internet can be a huge…

2 days ago
  • List

10 Best Sites To Watch Hindi Movies Online- Free And Legally In 2018

Bollywood often referred to as Hindi movies is the Indian Hindi-language film industry with the highest number of movie releases…

2 days ago
  • Android App
  • News

Winamp to make a comeback as a mobile app in 2019

Winamp reimagined as an audio app for mobile could arrive in 2019 Winamp, the 21-year-old iconic media player, is set…

2 days ago
  • Google
  • Technology

Real-time Google Translate available on all Google Assistant headphones

Real-time translation is coming to all Google Assistant-optimized headphones and Android phones When Google launched the Google Assistant-enabled Pixel Buds…

2 days ago