Adylkuzz Crypto-Miner

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 107
First Seen: May 19, 2017
Last Seen: July 23, 2020
OS(es) Affected: Windows

PC security researchers have associated the Adylkuzz Crypto-Miner with EternalBlue, an exploit for a vulnerability in the Windows SMBv1 implementation (patched by Microsoft as MS17-010 in March 2017) that was used in several high-profile attacks during 2017. The exploit was released in April 2017 as part of a dump of NSA tooling made public by the Shadow Brokers hacking group. The Adylkuzz Crypto-Miner campaign pairs EternalBlue with DoublePulsar, a kernel-mode backdoor from the same leak that EternalBlue installs on a compromised host and that is then used to load the mining payload; the same pair drove one of the most widespread ransomware attacks in recent memory, the WannaCry Ransomware. The Adylkuzz Crypto-Miner is designed to use the infected computers' resources to generate revenue in the form of cryptocurrency. Adylkuzz infections may be more widespread than the infamous WannaCry and, because the Adylkuzz Crypto-Miner blocks inbound SMB traffic on the computers it infects, it may even have contributed towards limiting the distribution of the WannaCry campaign, which spreads over the same SMB vulnerability.

The Consequences of an Infection with the Adylkuzz Crypto-Miner

The whole purpose of miners like the Adylkuzz Crypto-Miner is to use the host's processing resources to mine cryptocurrency. The symptoms of an Adylkuzz Crypto-Miner infection include loss of processing capacity and network bandwidth, since these are engaged in the Adylkuzz Crypto-Miner's operations instead of being used for the computer user's purposes, and loss of access to Windows file shares, since the miner blocks the SMB ports it came in through. The Adylkuzz Crypto-Miner attacks may have been distributed to the public as far back as April 24, 2017, and became especially common in May 2017. Although the effects of the Adylkuzz Crypto-Miner are not as immediately disruptive as ransomware Trojans or other threats that prevent victims from using the affected computers, the Adylkuzz Crypto-Miner can still be quite disruptive, because it keeps the affected computers consuming CPU time (and electricity) at a much higher rate than normal, constantly.

What is the Mission of the Adylkuzz Crypto-Miner and Similar Crypto-Miners

The Adylkuzz Crypto-Miner exploits the SMBv1 vulnerability targeted by EternalBlue to take over the victims' computers. Its main goal is to mine the Monero cryptocurrency: the infected computer's CPU is used to perform the proof-of-work computations of the Monero network, and any block rewards are paid to a wallet controlled by the attackers. Monero is a common choice for this kind of threat because its mining algorithm runs well on ordinary CPUs, so no graphics hardware is needed, and its transactions are difficult to trace. It is important to note that the mining software itself is not inherently harmful: computer users can run a Monero miner on their own hardware to generate small amounts of revenue legitimately. The operators of this campaign, however, distribute a weaponized version that mines Monero on the victims' computers without their knowledge or consent. Computers infected with the Adylkuzz Crypto-Miner will have all available processor time consumed by the miner, becoming slow, unresponsive, unstable, and prone to crashing or freezing. Miners like the one used by the Adylkuzz Crypto-Miner can be legitimate programs; it is this deployment on other people's machines, for the attackers' profit, that makes the Adylkuzz Crypto-Miner and similar threats malware.

How the Adylkuzz Crypto-Miner may Infect a Computer

Although the most common way of distributing the Adylkuzz Crypto-Miner in recent months has been the exploitation of the Windows SMB vulnerability mentioned above, PC security analysts have also observed miners being distributed by bundling them with other software, infecting the victim's computer when another program is being installed. One side effect of an Adylkuzz Crypto-Miner infection is that, after gaining a foothold, it runs commands to block inbound traffic on the vulnerable SMB port. This means that once the Adylkuzz Crypto-Miner has infected a computer, it prevents other threats from taking advantage of the same vulnerability that allowed it to be installed, and it is why Adylkuzz infections are believed to have limited the damage of the WannaCryptor (WannaCry) ransomware attacks. To date, it is unclear how many computers have been infected with the Adylkuzz Crypto-Miner. These attacks work by infecting as many computers as possible so that their combined resources are available to mine Monero. According to estimates made at the time, the people responsible for the attack can earn approximately $235 USD for each computer they manage to infect with the Adylkuzz Crypto-Miner. At least 20 IP addresses used to scan for and attack vulnerable hosts have been associated with the Adylkuzz Crypto-Miner infection itself.

File System Details

Adylkuzz Crypto-Miner may leave the following file or execution artefact (file mask):
%WINDIR%\Prefetch\secscan.exe

A Windows Prefetch entry for secscan.exe (stored on disk as SECSCAN.EXE-<hash>.pf) records that a binary of that name was executed on the host, so it is worth checking during triage even if the executable itself has since been deleted.
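As an added example (this is not code from the page and not the malware's own), the script below turns the behaviours described in this section and the Prefetch artefact listed above into a single host triage routine: it checks whether SMBv1 is still enabled, whether the SMB server driver predates the MS17-010 patch, whether inbound TCP/445 has been blocked by a firewall rule or an assigned IPsec policy, whether a Prefetch file for secscan.exe exists, and whether any process is monopolising the CPU. It assumes Windows 8 / Server 2012 or later (for Get-SmbServerConfiguration and the NetSecurity cmdlets) and an elevated PowerShell session. The function name, the srv.sys date threshold and the 50 % CPU cut-off are choices made here, not published indicators; the page does not say which mechanism Adylkuzz uses to close the port, so both firewall rules and IPsec policies are examined.

```powershell
# Added triage example for Adylkuzz-style indicators. Not the malware's code and not a
# vendor tool. Assumes Windows 8 / Server 2012 or later and an elevated prompt.
# Heuristics (srv.sys date, CPU threshold) are chosen here, not published indicators.

function Invoke-AdylkuzzTriage {
    [CmdletBinding()]
    param(
        [int]$SampleSeconds = 5,       # how long to watch CPU usage
        [double]$CpuThreshold = 50     # % of whole-machine CPU that flags a process
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Attack surface: is SMBv1, the protocol EternalBlue exploits, still enabled?
    try {
        $smb = Get-SmbServerConfiguration -ErrorAction Stop
        if ($smb.EnableSMB1Protocol) {
            $findings.Add('SMBv1 server protocol is enabled; disable it unless a legacy client needs it')
        }
    } catch {
        $findings.Add("Could not read SMB server configuration: $($_.Exception.Message)")
    }

    # 2. Patch-level heuristic: MS17-010 (released 2017-03-14) replaced the SMB server
    #    driver. A srv.sys last modified before that date has almost certainly not been patched.
    $srv = Get-Item "$env:SystemRoot\System32\drivers\srv.sys" -ErrorAction SilentlyContinue
    if ($srv -and $srv.LastWriteTime -lt [datetime]'2017-03-14') {
        $findings.Add("srv.sys dated $($srv.LastWriteTime.ToString('yyyy-MM-dd')); MS17-010 appears to be missing")
    }

    # 3. Self-protection: Adylkuzz blocks inbound SMB after infecting a host.
    #    Look for enabled inbound block rules on TCP/445 ...
    Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        ForEach-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            if ($pf.Protocol -eq 'TCP' -and @($pf.LocalPort) -contains '445') {
                $findings.Add("Inbound block rule for TCP/445: '$($_.DisplayName)' (profile: $($_.Profile))")
            }
        }
    #    ... and for any assigned legacy IPsec policy, which netsh ipsec can also use to drop port 445.
    $ipsec = netsh ipsec static show policy all 2>$null
    if ($ipsec -match 'Assigned\s*:\s*Yes') {
        $findings.Add('An IPsec policy is assigned; review it with "netsh ipsec static show policy all"')
    }

    # 4. Execution artefact from the page: a Prefetch file for secscan.exe
    #    (Windows names these SECSCAN.EXE-<hash>.pf).
    Get-ChildItem "$env:SystemRoot\Prefetch" -Filter 'SECSCAN.EXE-*.pf' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings.Add("Prefetch shows secscan.exe ran: $($_.Name), last run $($_.LastWriteTime.ToString('u'))")
        }

    # 5. Symptom: a process monopolising the CPU. Compare cumulative CPU seconds over a
    #    short interval and scale by core count to get a whole-machine percentage.
    $before = @{}
    Get-Process | ForEach-Object { if ($null -ne $_.CPU) { $before[$_.Id] = $_.CPU } }
    Start-Sleep -Seconds $SampleSeconds
    $cores = [int]$env:NUMBER_OF_PROCESSORS
    Get-Process | ForEach-Object {
        if ($before.ContainsKey($_.Id) -and $null -ne $_.CPU) {
            $pct = ($_.CPU - $before[$_.Id]) / $SampleSeconds / $cores * 100
            if ($pct -ge $CpuThreshold) {
                $findings.Add(("Process {0} (PID {1}) used {2:N0}% of total CPU over {3}s: {4}" -f `
                    $_.ProcessName, $_.Id, $pct, $SampleSeconds, $_.Path))
            }
        }
    }

    return $findings
}

# Usage: run from an elevated prompt and review each finding by hand.
Invoke-AdylkuzzTriage | ForEach-Object { Write-Output "[!] $_" }
```

None of these checks is proof of infection on its own: a block rule on 445 may be a deliberate hardening step, and a busy process may be legitimate. The combination of a pre-MS17-010 srv.sys, a fresh SMB block that nobody on the team created, a secscan.exe Prefetch entry and an unexplained CPU hog is what should trigger isolation and a full memory and disk capture.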
