Adylkuzz Crypto-Miner

Adylkuzz Crypto-Miner Description

PC security researchers have associated the Adylkuzz Crypto-Miner with the EternalBlue exploit, a vulnerability that has been used in 2017 to carry out various high-profile threat attacks. This exploit was released in April as part of a disclosure of a NSA data that was made public by a hacking group. The Adylkuzz Crypto-Miner is being used in a threat campaign that uses an NSA exploit known as DoublePulsar and has been associated with one of the most widespread ransomware attacks in recent memory, the Wannacry Ransomware. The two exploits, DoublePulsar and EternalBlue, have been used to install the Adylkuzz Crypto-Miner on the victims' computers. The Adylkuzz Crypto-Miner is designed to use the infected computers' resources to generate revenue in the form of cryptocurrency. The Adylkuzz Crypto-Miner infections may be more widespread than the infamous WannaCry and, because the Adylkuzz Crypto-Miner interferes with the network settings of infected computers, it may even have contributed towards limiting the distribution of the recent WannaCry campaign.

The Consequences of an Infection with the Adylkuzz Crypto-Mine

The whole purpose of miners like the Adylkuzz Crypto-Miner is to use processing resources to create crypto-currency. The symptoms of an Adylkuzz Crypto-Miner infection include loss of bandwidth and processing resources since these will be engaged in the Adylkuzz Crypto-Miner's operations instead of being used for the computer users' purposes. The Adylkuzz Crypto-Miner attacks may have been distributed to the public as far back as April 24, 2017, and became especially common in May 2017. Although the effects of the Adylkuzz Crypto-Miner are not as disruptive as ransomware Trojans or other threats that prevent victims from using the affected computers, the Adylkuzz Crypto-Miner has the potential to be quite disruptive because it will cause the affected computers to consume resources at a much higher rate than normal constantly.

What is the Mission of the Adylkuzz Crypto-Miner and Similar Crypto-Miners

The Adylkuzz Crypto-Miner takes advantage of the EternalBlue vulnerability in Windows to take over the victims' computers. The main goal of the Adylkuzz Crypto-Miner is to process transactions using Monero to generate revenue. The Adylkuzz Crypto-Miner mines the Monero cryptocurrency, using the infected computer's resources. It is important to note that the Adylkuzz Crypto-Miner can be used by computer users to generate small amounts of revenue legitimately. However, con artists will distribute a weaponized version of the Adylkuzz Crypto-Miner that allows them to use the victims' computers to generate Monero transactions. Computers infected with the Adylkuzz Crypto-Miner will use up all remaining memory to carry out these transactions, becoming slow, unresponsive, unstable, and prone to crashing or freezing. Miners like the Adylkuzz Crypto-Miner can be legitimate programs. However, it's this implementation that makes the Adylkuzz Crypto-Miner and similar miners unethical.

How the Adylkuzz Crypto-Miner may Infect a Computer

Although the most common way of distributing the Adylkuzz Crypto-Miner in recent months has been the use of the Windows vulnerability mentioned above, PC security analysts have observed miners being distributed by bundling them with other software, infecting the victim's computer when another program is being installed. One side effect of the Adylkuzz Crypto-Miner infection is that it will run commands to close vulnerable ports, which means that once the Adylkuzz Crypto-Miner has infected a computer, it will act to prevent other threats from taking advantage of the same vulnerability that allowed the Adylkuzz Crypto-Miner to be installed. This has meant that the Adylkuzz Crypto-Miner infections have limited the damage of the WannaCryptor ransomware attacks. To date, it is unclear how many computers have been infected with the Adylkuzz Crypto-Miner. These attacks work by infecting as many computers as possible to have their resources available to mine Monero. At this time, the people responsible for the attack can claim $235 USD approximately for each computer they manage to infect with the Adylkuzz Crypto-Miner. To this date, at least 20 IP addresses have been associated with the Adylkuzz Crypto-Miner infection itself.

Infected with Adylkuzz Crypto-Miner? Scan Your PC

Download SpyHunter's Spyware Scanner
to Detect Adylkuzz Crypto-Miner
* SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Adylkuzz Crypto-Miner outbreaks and other threats from global to local level.

File System Details

Adylkuzz Crypto-Miner creates the following file(s):
# File Name Detection Count
1 %WINDIR%\Fonts\sppsvc.exe 96
2 %WINDIR%\Prefetch\secscan.exe 23
3 %WINDIR%\Fonts\msiexev.exe 22
4 %WINDIR%\netbios.jfm 21
5 %WINDIR%\Fonts\wininit.exe 15

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 10 + 4 ?