After WannaCrypt, a cryptocurrency attack is generating digital cash fast

Fernando Stephens
May 18, 2017

Adylkuzz takes advantage of the same SMB exploit used in the WannaCry ransomware attack, but unlike WannaCry it does not lock down users' files or announce its presence in any way; it quietly invades target computers.

Yahoo's report also added that more attacks could be soon underway after The Shadow Brokers, who leaked the vulnerabilities used by WannaCry and Adylkuzz, threatened to publish more.

That group has exposed many more of the NSA's secret intelligence tactics, but the computer back door and the Microsoft vulnerability exploited by these two recent malware attacks were "the pick of the litter", Kalember says.

After last Friday's unprecedented global cyberattack led by the WannaCry ransomware, a new type of malware - a rogue cryptocurrency miner called Adylkuzz - has been affecting hundreds of thousands of PCs worldwide, according to researchers at cybersecurity firm Proofpoint. The miner generates Monero, a cryptocurrency similar to Bitcoin but with enhanced anonymity capabilities; Monero recently saw a surge in activity after it was adopted by the AlphaBay darknet market, described by law enforcement authorities as "a major underground website known to sell drugs, stolen credit cards and counterfeit items".

Surprisingly, the Adylkuzz malware is said to have been active since at least May 2, and possibly as early as April 24, yet it remained undetected.

"While an individual laptop may generate only a few dollars per week, collectively the network of compromised computers appears to be generating five-figure payouts daily."


Proofpoint said in a blog that symptoms of the attack include loss of access to Windows resources and degradation of performance, effects some users may not notice immediately. If businesses are anxious about their systems being infected, cybersecurity expert Michael McKinnon of Sense of Security advises sweeping the system with malware-detecting antivirus software.
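The two symptoms Proofpoint names, performance degradation and loss of access to Windows resources, are easy to miss on a single machine but stand out when host telemetry is compared across a fleet. The following triage heuristic is an added example, not code from the article or from Proofpoint; it assumes a constructed telemetry feed of per-host samples (top process, CPU percentage, and whether the host's SMB shares were reachable) and flags hosts that show sustained CPU load, a later loss of SMB access, or both. The host names, process names and numbers are constructed for the example.

```python
"""Fleet triage for the two Adylkuzz symptoms described in the article:
sustained CPU load (the miner at work) and loss of access to Windows
resources such as SMB shares. Added example with constructed sample
telemetry; not the page's or Proofpoint's code."""
from collections import defaultdict

# Constructed sample telemetry: (host, minute, top_process, cpu_percent, smb_reachable)
SAMPLES = [
    ("ws-01", 0, "chrome.exe", 35.0, True),   # normal workstation
    ("ws-01", 1, "chrome.exe", 40.0, True),
    ("ws-01", 2, "chrome.exe", 30.0, True),
    ("ws-01", 3, "chrome.exe", 25.0, True),
    ("ws-02", 0, "svchost.exe", 92.0, True),  # load spikes under a generic process name...
    ("ws-02", 1, "svchost.exe", 95.0, False), # ...and SMB access is then lost
    ("ws-02", 2, "svchost.exe", 97.0, False),
    ("ws-02", 3, "svchost.exe", 96.0, False),
    ("ws-03", 0, "backup.exe", 90.0, True),   # legitimate nightly job: high CPU, SMB stays up
    ("ws-03", 1, "backup.exe", 91.0, True),
    ("ws-03", 2, "backup.exe", 88.0, True),
    ("ws-03", 3, "backup.exe", 12.0, True),
]


def sustained_high_cpu(samples, threshold=85.0, min_minutes=3):
    """Hosts whose CPU stayed at or above `threshold` for `min_minutes` consecutive samples."""
    by_host = defaultdict(list)
    for host, minute, _proc, cpu, _smb in samples:
        by_host[host].append((minute, cpu))
    hits = set()
    for host, series in by_host.items():
        run = 0
        for _minute, cpu in sorted(series):
            run = run + 1 if cpu >= threshold else 0
            if run >= min_minutes:
                hits.add(host)
                break
    return hits


def lost_smb_access(samples):
    """Hosts that were reachable over SMB at some point and later stopped being reachable."""
    by_host = defaultdict(list)
    for host, minute, _proc, _cpu, smb in samples:
        by_host[host].append((minute, smb))
    hits = set()
    for host, series in by_host.items():
        seen_up = False
        for _minute, smb in sorted(series):
            if smb:
                seen_up = True
            elif seen_up:
                hits.add(host)
                break
    return hits


def triage(samples):
    """Map each flagged host to a verdict: both symptoms -> 'investigate', one -> 'watch'."""
    cpu_hosts = sustained_high_cpu(samples)
    smb_hosts = lost_smb_access(samples)
    verdicts = {}
    for host in cpu_hosts | smb_hosts:
        both = host in cpu_hosts and host in smb_hosts
        verdicts[host] = "investigate" if both else "watch"
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLES).items()):
        print(f"{host}: {verdict}")
```

Sustained CPU alone is a weak signal (backup jobs and builds look the same), which is why the heuristic only escalates to "investigate" when a host also loses SMB reachability it previously had; the hosts it flags are the ones worth sweeping with the antivirus scan the article recommends.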

As Microsoft explains, WannaCry spreads via two mechanisms. What Proofpoint caught instead was Adylkuzz, the quieter malware that had not set off alarms. "This attack is ongoing and, while less flashy than WannaCry, is nonetheless quite large and potentially quite disruptive." Infected machines are said to "mine" for the currency and are occasionally rewarded with a piece of it.

If Adylkuzz had been forcing hijacked computers to become Bitcoin miners rather than Monero miners, cybersecurity teams might have looked for clues to the hackers' identities by searching for rising balances in Bitcoin accounts, Kalember says.

While the NSA's tools were built to gather intelligence, hackers separately compromised the SWIFT system in March 2016, stealing the computer credentials of a SWIFT operator in Bangladesh to send messages to the Federal Reserve Bank of NY that resulted in the theft of $81 million from the Bangladesh central bank. Bitcoin's ledger is public.


Security researchers predict that this new malware will be bigger than WannaCry because it is much more stealthy. Researchers at both Proofpoint and Bitdefender have warned that malware called Adylkuzz is infecting machines. "They're really hard to kill."
