By GoldSparrow in Malware

Cybercriminals are known for chasing money they have not earned: obtaining other people's cash as fast as possible with minimal effort. There are numerous ways in which they may achieve this: hacking POS devices, infiltrating ATMs, demanding ransoms via data-encryption Trojans, collecting the login credentials of users of different financial institutions, and the list goes on. In recent years cryptocurrencies have caught the attention of cyber crooks, and various methods of collecting cryptocurrency were developed quickly. One of these is the crypto-mining threat. A crypto miner infiltrates a user's system and begins mining cryptocurrency on the victim's hardware without the victim's knowledge. The cryptocurrency collected is then sent to the attacker's account.

WannaMine is one of these crypto-mining threats that lurk in the shadows looking for a way to penetrate your PC and use it for its own ends. WannaMine is likely propagated via infected email attachments and fake downloads. WannaMine has strong persistence, which makes it far less likely to be detected by an anti-virus application. Furthermore, WannaMine is capable of self-propagation. It does this by launching the Windows Management Instrumentation (WMI) feature and PowerShell as soon as the threat gains access to the system. Once inside, WannaMine will attempt to find any stored login credentials and use them to potentially infect other PCs that are connected to the one it has already slipped into. The creators of WannaMine have also implemented the notorious EternalBlue exploit, which gained popularity around the 2017 NSA leaks. EternalBlue is also used to propagate WannaMine to more computers.
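A defender's view of the propagation described above, as an added example that is not part of the original article: a Python triage pass over constructed process and network events that flags PowerShell started by the WMI provider host (WmiPrvSE.exe) and hosts contacting many distinct peers on SMB port 445, the service EternalBlue targets. The event field names, host names and the 20-peer threshold are assumptions for illustration.

```python
from collections import defaultdict

SMB_PORT = 445            # SMB, the service EternalBlue targets
SMB_PEER_THRESHOLD = 20   # assumed cut-off; tune to your own baseline

# Constructed sample events, not real telemetry; field names are assumed.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PROCESS_EVENTS = [
    {"host": "ws-01", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "image": PS},
    {"host": "ws-02", "parent": r"C:\Windows\explorer.exe", "image": PS},
    {"host": "ws-03", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\wbem\unsecapp.exe"},
]
NETWORK_EVENTS = [{"src": "ws-01", "dst": f"10.0.0.{i}", "dport": 445} for i in range(2, 30)]
NETWORK_EVENTS += [{"src": "ws-02", "dst": "10.0.0.5", "dport": 445}] * 3
NETWORK_EVENTS += [{"src": "ws-03", "dst": f"10.0.1.{i}", "dport": 443} for i in range(2, 40)]

def _basename(path):
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def wmi_spawned_powershell(events):
    """Hosts where the WMI provider host started a PowerShell process."""
    shells = {"powershell.exe", "pwsh.exe"}
    return sorted({e["host"] for e in events
                   if _basename(e["parent"]) == "wmiprvse.exe"
                   and _basename(e["image"]) in shells})

def smb_fan_out(events, threshold=SMB_PEER_THRESHOLD):
    """Map each source host to its distinct SMB peer count, if at or over threshold."""
    peers = defaultdict(set)
    for e in events:
        if e["dport"] == SMB_PORT:
            peers[e["src"]].add(e["dst"])   # repeated connections count once
    return {src: len(dsts) for src, dsts in peers.items() if len(dsts) >= threshold}

def triage(proc_events, net_events):
    """Combine both signals per host; a host showing both deserves first look."""
    wmi = set(wmi_spawned_powershell(proc_events))
    smb = smb_fan_out(net_events)
    return {host: {"wmi_powershell": host in wmi, "smb_peers": smb.get(host, 0)}
            for host in sorted(wmi | set(smb))}

if __name__ == "__main__":
    for host, signals in triage(PROCESS_EVENTS, NETWORK_EVENTS).items():
        print(host, signals)
```

Either signal alone also occurs in normal administration (management tooling, file servers), so the combination on one host is what narrows the list.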

Initially, this may sound like a crime without a victim, as the attackers are not collecting cryptocurrency from the victim. However, mining cryptocurrency is a very heavy task for any computer: it causes the machine to overheat, slows it down through excessive use of RAM and CPU, and is likely to greatly reduce the lifespan of the machine as a whole.

Users need to be extra careful when opening email attachments and clicking on update notifications. Otherwise, threats like WannaMine may end up sneaking into your system and using it without your knowledge, wearing it down for weeks or even months. Make sure you have a trustworthy anti-spyware suite and do not forget to keep it updated.

