Fileless WannaMine Cryptojacking Malware Using NSA Exploit

February 5, 2018

Forget WannaCry and welcome WannaMine, a fileless cryptojacking malware that uses the leaked NSA exploit EternalBlue.

We cannot ignore the fact that cryptocurrencies are in high demand: the monetary worth of digital currencies such as Bitcoin, Ethereum, Litecoin, and Monero has soared tremendously, increasing the purchasing power and liquidity of cryptocurrency wallets.

In such a climate, cybercriminals were expected to take advantage of the highly profitable nature of cryptocurrencies, and they have done so through an extremely productive process known as mining. By pushing cryptocurrency mining onto other people's machines, they can drain the processing power of even the most powerful computer systems.

What's more disturbing is that cybercriminals have now come up with cryptojacking malware created solely to consume the CPU power of infected computers. One such cryptojacking malware is WannaMine. It uses leaked NSA (National Security Agency) hacking tools to gain access to computers and siphon off processor power to carry out mining.

Here, we must recall the NSA's Windows exploit known as EternalBlue, which was leaked in April 2017 by the hacking group Shadow Brokers and later used to launch the disastrous WannaCry ransomware that caused havoc worldwide and locked down NHS systems. WannaCry managed to infect around 230,000 computers in nearly 150 countries, and paved the way for another highly dangerous ransomware, NotPetya. The same exploit is now being used again to carry out Bitcoin and Monero mining through the cryptojacking malware WannaMine.

WannaMine was identified by the cybersecurity firm Panda in October 2017, while the malware was mining Monero after hijacking CPU cycles on the targeted computer. Another cybersecurity firm, CrowdStrike, stated that it has observed an increase in the distribution rate of WannaMine, with infections caused by the malware doubling in the last few months. In fact, it crippled the operations of various companies for days and weeks and used their CPU resources for Monero mining.

WannaMine is a fileless malware that utilizes advanced tactics and techniques to "maintain persistence within a network and move laterally from system to system. WannaMine uses credentials acquired with the credential harvester Mimikatz to attempt to propagate and move laterally with legitimate credentials," wrote CrowdStrike security researchers.

Hackers are using a wide range of techniques to infect computers, from email phishing attacks to remote-access hacks. Because WannaMine also uses Mimikatz, machines that were previously patched against the notorious EternalBlue exploit are not immune to this malware either: stolen credentials are tried first. "If unsuccessful, WannaMine attempts to exploit the remote system with the EternalBlue exploit," read the blog post by CrowdStrike researchers.
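EternalBlue targets the SMBv1 server (the MS17-010 vulnerability), so one check a defender would want after reading the above is whether a host still exposes SMBv1 at all. The script below is an added example for this article, not code from CrowdStrike, Panda, or the original post; it assumes Windows 8 / Server 2012 or later (for `Get-SmbServerConfiguration`) and an elevated prompt, and it treats the `SMB1Protocol` optional-feature name as the client-SKU name.

```powershell
# Added example (not from the original post): report whether this Windows host
# still exposes the SMBv1 server that EternalBlue targets, and whether the SMB1
# optional feature is installed. Run from an elevated PowerShell prompt.
# Assumption: Windows 8 / Server 2012 or later; 'SMB1Protocol' is the feature
# name on client SKUs (server SKUs expose it via Get-WindowsFeature FS-SMB1).

function Get-Smb1Exposure {
    $result = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $null   # $true means the SMB stack will still speak SMBv1
        Smb1FeatureState  = $null   # Enabled / Disabled / unknown
    }

    # Server-side SMB configuration: is the SMB1 dialect enabled?
    try {
        $cfg = Get-SmbServerConfiguration -ErrorAction Stop
        $result.Smb1ServerEnabled = [bool]$cfg.EnableSMB1Protocol
    } catch {
        $result.Smb1ServerEnabled = "unknown ($($_.Exception.Message))"
    }

    # Optional-feature state: is the SMB1 component installed at all?
    try {
        $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        $result.Smb1FeatureState = $feat.State.ToString()
    } catch {
        $result.Smb1FeatureState = "unknown ($($_.Exception.Message))"
    }

    [pscustomobject]$result
}

$exposure = Get-Smb1Exposure
$exposure | Format-List

# Remediation hint: turning SMBv1 off removes the protocol EternalBlue speaks,
# but the MS17-010 security update must still be installed.
if ($exposure.Smb1ServerEnabled -eq $true) {
    Write-Warning 'SMBv1 server is enabled. Disable it with: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
}
```

Note that a host with SMBv1 disabled is still worth patching: the article's point is that WannaMine tries harvested credentials before falling back to EternalBlue, so closing the SMB path only removes the second of its two propagation routes.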

WannaMine uses built-in Windows components such as Windows Management Instrumentation (WMI) and PowerShell to perform its malicious tasks. Because it is fileless, it is quite difficult to detect or to stop it from harming computers. Although it is not the first fileless malware, it is considerably more sophisticated than malware such as Adylkuzz, which requires downloading an application called CPUMiner in order to operate.
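A fileless threat that lives in WMI and PowerShell leaves nothing on disk for an antivirus scanner to hash, but it still has to register somewhere to survive a reboot. The script below is an added example for this article (not code from the original post, CrowdStrike, or Panda) showing the check a defender would run for any WMI/PowerShell-based persistence: enumerate the permanent WMI event subscriptions on a host, correlate each filter with its consumer, and flag consumers whose payload invokes PowerShell or encoded/downloaded commands. It assumes subscriptions live in the standard `root\subscription` namespace; the indicator keyword list is an illustrative starting point, not a signature for WannaMine, and the page does not state which WMI mechanism WannaMine itself uses.

```powershell
# Added example (not from the original post): hunt for permanent WMI event
# subscriptions and flag consumers that launch PowerShell or obfuscated commands.
# Run from an elevated PowerShell prompt.
# Assumptions: standard root\subscription namespace; keyword list is illustrative.

$Namespace  = 'root\subscription'
$Indicators = @('powershell', '-enc', '-encodedcommand', 'downloadstring',
                'iex', 'invoke-expression', 'frombase64string', '-w hidden')

function Get-WmiPersistence {
    # The three pieces of a permanent subscription: what to trigger on (filter),
    # what to run (consumer), and the binding that ties them together.
    $filters   = @(Get-CimInstance -Namespace $Namespace -ClassName __EventFilter -ErrorAction SilentlyContinue)
    $consumers = @(Get-CimInstance -Namespace $Namespace -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue) +
                 @(Get-CimInstance -Namespace $Namespace -ClassName ActiveScriptEventConsumer -ErrorAction SilentlyContinue)
    $bindings  = @(Get-CimInstance -Namespace $Namespace -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue)

    foreach ($b in $bindings) {
        # Filter and Consumer are CIM references; resolve them back to objects by Name.
        $filter   = $filters   | Where-Object Name -eq $b.Filter.Name
        $consumer = $consumers | Where-Object Name -eq $b.Consumer.Name

        # Whatever the consumer executes: a command line or an embedded script body.
        $payload = if ($consumer.CommandLineTemplate) { $consumer.CommandLineTemplate }
                   elseif ($consumer.ScriptText)      { $consumer.ScriptText }
                   else { '' }

        # Case-insensitive substring match against each indicator.
        $hits = @($Indicators | Where-Object { $payload -match [regex]::Escape($_) })

        [pscustomobject]@{
            FilterName   = $b.Filter.Name
            Query        = $filter.Query          # WQL trigger, e.g. a timer or process-start event
            ConsumerName = $b.Consumer.Name
            ConsumerType = $consumer.CimClass.CimClassName
            Payload      = $payload
            Suspicious   = ($hits.Count -gt 0)
            Indicators   = ($hits -join ', ')
        }
    }
}

$subs = Get-WmiPersistence
$subs | Format-Table FilterName, ConsumerType, Suspicious, Indicators -AutoSize
$subs | Where-Object Suspicious | Format-List
```

Some Windows versions ship a small number of built-in subscriptions, so baseline a known-clean host before treating every row as an alert; the rows worth escalating are the ones whose payload spawns PowerShell from a WQL timer or logon event. The same enumeration can be pointed at remote hosts with `Get-CimInstance -ComputerName`, which is how you would sweep a fleet after a cryptojacking incident rather than checking one machine at a time.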

It is worth noting that WannaMine is not as dangerous as NotPetya or WannaCry were, because it does not lock computers; it does, however, consume 100% of a client's IT environment capacity by monopolizing its CPUs, which is a serious concern for firms running data centers or server farms.

For individual users, it means that the performance of their PCs or laptops will deteriorate considerably. To protect your computers, it is important to strengthen anti-virus security and install cybersecurity tools that provide endpoint protection and mitigate the WannaMine threat.
