Reports have also been gathered from Bleeping Computer on how malware authors are infecting Windows computers with a combination of a leaked NSA exploit and a Trojan that checks the machine's free resources before it starts mining Monero (XMR).
The Trojan Was First Reported by Russian Antivirus Vendor Dr.Web
The Russian antivirus vendor Dr.Web was the first to report the Trojan, which it detects as Trojan.BtcMine.1259. The Trojan was found to use DOUBLEPULSAR, a leaked NSA backdoor implant that is planted on computers exposing an unpatched Server Message Block (SMB) service. SMB is the network protocol Windows uses mainly to provide shared access to files, printers, and serial ports.
Once a machine is compromised, the DOUBLEPULSAR backdoor gives the attackers a way to execute code on it. They use it to drop a generic malware loader, which then checks whether the computer has enough free resources to run the payload. If it does, the loader downloads the cryptocurrency miner, which starts mining XMR and sending the coins to the attackers' wallet.
Researchers also concluded that the Trojan shuts itself down whenever the PC's owner opens the Task Manager utility, which keeps the miner out of sight while it is otherwise running.
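The Task Manager trick described above is itself a hunting signal: a legitimate process has no reason to die a second or two after taskmgr.exe starts, every time it starts. The script below is an added example (not code from Bleeping Computer, Dr.Web or the malware analysis) that runs that check over Sysmon-style process start/stop events; the event list, paths and PIDs are constructed sample data, and the 5-second window and two-hit threshold are assumptions you would tune to your own telemetry.

```python
"""Hunt for processes that exit right after Task Manager is launched.

Input is a list of (timestamp, "start"|"stop", image path, pid) tuples, the
kind of data you get from Sysmon event IDs 1 and 5 or from an EDR.
The events below are constructed for the example, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: a miner masquerading as svchost.exe in ProgramData
# dies within seconds of both Task Manager launches and comes back later.
# notepad.exe happens to close once near a launch, which should not trigger.
SAMPLE_EVENTS = [
    ("2017-06-16T09:00:00", "start", "C:\\Windows\\System32\\svchost.exe", 1100),
    ("2017-06-16T09:00:05", "start", "C:\\ProgramData\\update\\svchost.exe", 4212),
    ("2017-06-16T09:20:00", "start", "C:\\Windows\\System32\\Taskmgr.exe", 5000),
    ("2017-06-16T09:20:01", "stop",  "C:\\ProgramData\\update\\svchost.exe", 4212),
    ("2017-06-16T09:25:00", "stop",  "C:\\Windows\\System32\\Taskmgr.exe", 5000),
    ("2017-06-16T09:25:30", "start", "C:\\ProgramData\\update\\svchost.exe", 4301),
    ("2017-06-16T10:30:00", "start", "C:\\Windows\\System32\\notepad.exe", 2222),
    ("2017-06-16T11:00:00", "start", "C:\\Windows\\System32\\Taskmgr.exe", 5100),
    ("2017-06-16T11:00:02", "stop",  "C:\\ProgramData\\update\\svchost.exe", 4301),
    ("2017-06-16T11:00:03", "stop",  "C:\\Windows\\System32\\notepad.exe", 2222),
    ("2017-06-16T11:02:00", "stop",  "C:\\Windows\\System32\\Taskmgr.exe", 5100),
    ("2017-06-16T11:02:40", "start", "C:\\ProgramData\\update\\svchost.exe", 4388),
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def is_taskmgr(image):
    return image.lower().endswith("\\taskmgr.exe")


def find_taskmgr_evaders(events, window_s=5, min_hits=2):
    """Return [(image, launches_it_died_after, total_taskmgr_launches)].

    An image is reported when it terminated within `window_s` seconds of at
    least `min_hits` distinct Task Manager launches. Counting distinct
    launches (not raw stop events) keeps a process that merely restarts a lot
    from being over-counted.
    """
    evs = sorted(((parse_ts(t), e, img, pid) for t, e, img, pid in events),
                 key=lambda x: x[0])
    launches = [t for t, e, img, _ in evs if e == "start" and is_taskmgr(img)]

    hits = defaultdict(set)  # image -> indexes of launches it died after
    for t, e, img, _ in evs:
        if e != "stop" or is_taskmgr(img):
            continue
        for i, launch_t in enumerate(launches):
            if 0 <= (t - launch_t).total_seconds() <= window_s:
                hits[img].add(i)

    return sorted((img, len(idx), len(launches))
                  for img, idx in hits.items() if len(idx) >= min_hits)


if __name__ == "__main__":
    for image, hit, total in find_taskmgr_evaders(SAMPLE_EVENTS):
        print(f"{image}: exited after {hit} of {total} Task Manager launches")
```

Anything this flags deserves a closer look: an image path outside the Windows directory, a name that mimics a system binary, or repeated respawns after Task Manager closes are each extra evidence that you are looking at the miner rather than a coincidence.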
Other Malware, Including Ransomware, Has Adopted the NSA's DOUBLEPULSAR Backdoor
Trojan.BtcMine.1259 is not the first cryptocurrency-related malware to piggyback on a remotely exploitable SMB flaw. Another miner, named EternalMiner, was spotted about a week earlier going after Linux servers to mine XMR. WannaCry, the ransomware outbreak that crippled many institutions and businesses around the globe, also carried DOUBLEPULSAR and used it as the foundation for the malware's self-spreading SMB worm.
The Shadow Brokers leaked DOUBLEPULSAR in April 2017, and by April 21st scans had already found no fewer than 36,000 computers carrying the implant, planted by various malware that adopted it.
Do your due diligence and be cautious when downloading and accessing files from the crypto space.
Appreciate your upvote and comments on it
Scrembo