NSA Malware Used to Infect Windows PCs with Cryptocurrency Miner

Discussion in '0-day Release' started by RGiskardR, Jun 22, 2017.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member


    Malware authors are using an NSA hacking tool to infect Windows computers with a new cryptocurrency miner. Detected under the generic name of Trojan.BtcMine.1259, this trojan was first spotted last week by Russian antivirus vendor Dr.Web.

    The trojan uses an NSA implant called DOUBLEPULSAR to infect computers that run unsecured SMB services. This implant (NSA term for malware) is a simple backdoor that allows attackers to execute code on the infected machines.

    The miscreants behind these attacks use DOUBLEPULSAR to download a generic malware loader on users' devices. The purpose of this "malware loader" is to check the user's PC for a minimum number of kernel threads.

    If the infected computer has enough CPU resources, the generic malware loader will download the final payload, the cryptocurrency miner itself.

    Full source: https://www.bleepingcomputer.com/ne...infect-windows-pcs-with-cryptocurrency-miner/