Whether you believe in evolution or not, in the technology world there is a constant shift that clearly demonstrates how malware threats are evolving at the hands of creative hackers who look to weaponize exploits and eventually cash in on victimized computer users. In the vast landscape of malware, we are currently witnessing a giant leap in the evolution of today's common threats: ransomware turned into cryptocurrency mining malware.
With cryptocurrencies in such high demand, it's no wonder that cybercrooks are leveraging cryptocurrency in many different forms as a platform for newly created malware to attack. In recent months, researchers from all over have found malware authors wielding the ETERNALBLUE and ETERNALROMANCE exploits to set their sights on cryptocurrency. In the process of creating such threats, malware authors have created many different examples of Python-based malware that mines cryptocurrency on victims' machines, a process called cryptojacking.
What are Examples of Cryptocurrency Mining Threats?
Among the many new threats to come out of the latest batch of Python-based malware are Adylkuzz, Smominru, and WannaMine, which researchers believe to be an updated variant of the popularized WannaCry Ransomware threat that spread to hundreds of thousands of systems around the world. Each threat, when aimed at a vulnerable computer, is essentially an act of cryptojacking: taking over specific functions of a computer and using it to mine cryptocurrency.
The exploit kits ETERNALBLUE and ETERNALROMANCE are more or less exploits developed by the NSA (U.S. National Security Agency), once primarily used to take advantage of a vulnerability within Microsoft's Server Message Block (SMB). Essentially, an exploit kit is a bundled software package or toolkit that hackers or computer 'experts' use to perform targeted actions or deliver other software in an unconventional way. Unexpectedly, hackers stole the exploit kits and leveraged them on new, unprecedented levels to aggressively spread malware on systems with known vulnerabilities that the exploit kits can easily take advantage of. As it turns out, the exploit kits are now heavily utilized in the propagation of many threats, including the popularized Monero Miner (XMR) that is used to mine the Monero cryptocurrency via infected computers.
FortiGuard Labs, one of the many security research teams investigating the new string of malware that leverages exploit kits to spread and actively mine cryptocurrency, discovered the threat called "PyRoMine." PyRoMine is one of many threats to leverage the ETERNALROMANCE exploit kit to spread. Within the crosshairs of PyRoMine lie many vulnerable PCs that can be attacked by a stand-alone executable file, which is the premise of hackers using a Python-based compiler to bundle the threat into a single entity. Fundamentally, a Python-based threat is a much easier method for attacking vulnerable computers: PyInstaller packages a program written in Python into a stand-alone executable file that may be included in a downloaded ZIP file.
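For triage, a PyInstaller-packaged executable can be recognised by the archive trailer PyInstaller appends to it. The following is an added example, not code from FortiGuard Labs or from this article; it assumes the CArchive cookie and table-of-contents layout used by PyInstaller 2.1 and later, and the sample bytes and the names `sample_main` and `python27.dll` are constructed.

```python
import struct

MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"     # CArchive cookie magic (assumed layout, see lead-in)
COOKIE = struct.Struct("!8sIIII64s")    # magic, archive len, TOC offset, TOC len, pyver, lib name
ENTRY = struct.Struct("!IIIIBc")        # entry len, data offset, size, usize, compressed, typecode

def parse_carchive(blob):
    """Return bundle metadata, or None if no consistent PyInstaller cookie is found."""
    pos = blob.rfind(MAGIC)
    if pos < 0 or pos + COOKIE.size > len(blob):
        return None
    _, pkg_len, toc_off, toc_len, pyver, lib = COOKIE.unpack_from(blob, pos)
    start = pos + COOKIE.size - pkg_len      # archive starts pkg_len bytes before the cookie's end
    toc, end = start + toc_off, start + toc_off + toc_len
    if start < 0 or end > pos:
        return None                          # inconsistent lengths: do not trust the cookie
    entries = []
    while toc + ENTRY.size <= end:
        size, _, _, _, _, kind = ENTRY.unpack_from(blob, toc)
        if size <= ENTRY.size or toc + size > end:
            break                            # malformed entry: stop instead of looping
        name = blob[toc + ENTRY.size:toc + size].rstrip(b"\0").decode("utf-8", "replace")
        entries.append((kind.decode("latin-1"), name))
        toc += size
    return {"python": pyver, "lib": lib.rstrip(b"\0").decode("latin-1"),
            "scripts": [n for k, n in entries if k == "s"],   # 's' marks bundled scripts
            "entries": entries}

def build_sample():
    """Constructed sample: placeholder stub bytes plus a two-entry archive, no real payload."""
    def entry(kind, name, off):
        raw = name.encode() + b"\0"
        raw += b"\0" * (-(ENTRY.size + len(raw)) % 16)        # pad each entry to 16 bytes
        return ENTRY.pack(ENTRY.size + len(raw), off, 4, 4, 0, kind) + raw
    data = b"AAAABBBB"
    toc = entry(b"s", "sample_main", 0) + entry(b"z", "PYZ-00.pyz", 4)
    pkg_len = len(data) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(data), len(toc), 27, b"python27.dll")
    return b"MZ" + b"\x90" * 62 + data + toc + cookie

if __name__ == "__main__":
    print(parse_carchive(build_sample()))
```

A hit only shows that the file is a PyInstaller bundle, which many legitimate tools also are; the listed script names and Python version are starting points for further analysis.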
What's in Store for the Cryptocurrency Mining Barrage?
Cryptocurrency mining, the activity behind cryptojacking, is commonly done on dedicated machines that use a large amount of electricity. When hackers instruct a multitude of infected PCs to mine cryptocurrency, victims will not only notice a higher electric bill, but many of the systems' resources will be sapped to the point of being useless for essential functions.
While ransomware in its traditional form continues to be a serious threat, among the most dangerous we have seen in the history of the computer and Internet, cryptocurrency mining threats may emerge to be the king of the hill.
In some ways, computer security researchers and experts alike will find it in their best interest to treat the outbreak of new cryptocurrency mining threats much like we would a human viral plague. It behooves them to ward off further threats and learn as much about them as they can to prepare for the imminent dangers that will later spread at unprecedented levels.
What's in store for the future of Cryptojacking?
Cryptojacking, as we suspect, will evolve into a continual issue as the cryptocurrency craze continues. Vulnerable computer users may not necessarily identify cryptojacking scenarios as quickly as they would the plethora of other traditional malware threats. Being that cryptojacking has taken on an entirely new face, one that is mostly unrecognizable by the average computer user, it naturally has a leg up on its ability to attack through website-delivered scripts, which in turn can infect a system through visiting a hacked website.
The unseen, dire consequences of cryptojacking can affect both organizations and personal computers: it leverages CPU resources and Internet connectivity and can ultimately bring an attacked computer to its knees. Because cryptojacking is an underlayer of cryptocurrency mining, it should be treated with special attention, and it should prompt computer users to keep their systems updated with the latest versions of their web browser, operating system, and anti-virus/anti-malware software.
The process of mining cryptocurrency is well known, and to get a grasp on the next generation of malware, we must fortify our knowledge about today's threats rather than waiting to see what hackers create tomorrow.