Cryptojacking explosion: EternalBlue wants to mine your PC
Android devices are also vulnerable to rogue mining attempts.
When the WannaCry ransomware attack occurred last year, we learned that it took advantage of an exploit developed by the NSA that allowed the malware to spread between computers using a flaw in the SMB file-sharing protocol. Now that same exploit, dubbed EternalBlue, is being used to spread cryptojacking software. And it's a sign that criminals are seeing this as their next big money spinner.
A new botnet called Smominru uses EternalBlue to infect PCs and mine Monero. According to security firm Proofpoint, which discovered this botnet, the bad guys are using a network of around 25 computers to scour the internet, looking for vulnerable computers to exploit.
So far, the botnet's operators have mined approximately 8,900 Monero, or about 24 Monero per day. They've managed to pull in around US$3 million.
While this attack seems less damaging than a ransomware attack, it's far from victimless. Instead of coercing people to pay a ransom to get their data back, the thieves are stealing CPU cycles, and therefore energy, to mine the coins. That means the cost is likely to appear on your next energy bill. And your computer will be running its fans and battery pretty hard, which could shorten the life of your hardware.
With security software companies actively fighting against ransomware and other established malware, cryptojacking is emerging as a new battlefront for online crime. As it can occur almost silently through infected websites and other, less obvious attack vectors, it's likely criminals will flock to it, especially as cryptocurrency markets continue to rise despite some recent market volatility on various cryptocurrency exchanges.
You can avoid being infected by ensuring your computers are patched with the latest software updates. EternalBlue, which is officially known as CVE-2017-0144 to security researchers, was fixed almost a year ago. That means the cybercriminals spreading Smominru are relying on people neglecting basic cyber-hygiene and failing to keep their computers up to date.