| « Macs Vulnerable to Attack Through Firmware Weaknesses | Chinese Advertising SDK Caught Stealing Data From Android Devices » |
Cryptocurrency Miner Infects Windows PCs via EternalBlue and WMI
22/08/17
A new malware family detected under the name of CoinMiner is causing users and security firms alike loads of problems, being hard to stop or detect due to the combination of various unique features.
The malware — a cryptocurrency miner — uses the EternalBlue NSA exploit to infect victims and the WMI (Windows Management Instrumentation) toolkit as a method to run commands on infected systems.
In addition, CoinMiner also runs in memory (fileless malware), and uses multiple layers of command and control servers to deploy the multitude of scripts and components it needs to infect victims.
All of these make a deadly mixture of features that spell trouble for outdated machines and systems running antivirus solutions not up to par with the latest infection techniques.
Form is loading...
You must be logged in to see the comments. Log in now!
If you have no account yet, you can register now...
(It only takes a few seconds!)