A computer security exploit developed by the US National Security Agency and leaked by hackers last year is now being used to mine cryptocurrency, and according to cybersecurity experts the number of infections is rising.
By Daniel Oberhaus | MOTHERBOARD
Last April, a hacking group called the Shadow Brokers leaked EternalBlue, a Windows exploit that was developed by the NSA. Less than a month later, EternalBlue was used to unleash a devastating global ransomware attack called WannaCry that infected more than 230,000 computers in 150 countries. A month later, in June, the EternalBlue exploit was again used to cripple networks across the world in an even more sophisticated attack. Now, security researchers are seeing the EternalBlue exploit being used to hijack people’s computers to mine cryptocurrency.
“EternalBlue, which was previously only used by nation state actors, is now becoming much more commonplace in malware leveraged by your average cybercriminal,” Bryan York, director of services at CrowdStrike, told me on the phone.
This new attack—called WannaMine—may seem like less of a threat than WannaCry because it doesn’t lock users out of their computers. But CrowdStrike noted in a blog post laying out its findings on WannaMine that the company has observed the malware “rendering some companies unable to operate for days and weeks at a time.” WannaMine infections are also hard to detect because the malware doesn’t download any applications to an infected device.