Cryptojacking explosion: EternalBlue wants to mine your PC

Anthony Caruana 2 February 2018 NEWS


Android devices are also vulnerable to rogue mining attempts.

When the WannaCry ransomware attack occurred last year, we learned that it took advantage of an exploit developed by the NSA that allowed the malware to spread between computers using a flaw in the SMB file-sharing protocol. Now that same exploit, dubbed EternalBlue, is being used to spread cryptojacking software. And it's a sign that criminals are seeing this as their next big money spinner.

A new botnet, called Smominru uses EternalBlue to infect PCs and mine Monero. According to security firm Proofpoint, who discovered this botnet, the bad guys are using a network of around 25 computers to scour the internet, looking for vulnerable computers to exploit.

So far, the botnet's operators have mined approximately 8,900 Monero, or about 24 Monero per day. They've managed to pull in around US$3 million so far.

While this attack seems less damaging than a ransomware attack, it's far from victimless. Instead of coercing people to pay a ransom to get their data back, the thieves are stealing CPU cycles, and therefore energy, to mine the coins. That means the cost is likely to appear on your next energy bill. And your computer will be running its fans and battery pretty hard which could lead to shortening the life of your hardware.

As well as targeting computers, cryptojacking malware has also been discovered on Android devices. According to a report by Sophos, these can work either in a browser using JavaScript or through malicious applications.

With security software companies actively fighting against ransomware and other established malware, cryptojacking is emerging as a new battlefront for online crime. As it can occur almost silently through infected websites and other, less obvious attack vectors, it's likely criminals will flock to it, especially as cryptocurrency markets continue to rise despite some recent market volatility on various cryptocurrency exchanges.

You can avoid being infected by ensuring your computers are patched with the latest software updates. EternalBlue, which is officially known as CVE-2017-0144 to security researchers, was fixed almost a year ago. That means the cybercriminals spreading Smominru are relying on people not following basic cyber-hygiene and keeping their computers up to date.

Latest cryptocurrency news

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Privacy & Cookies Policy and Terms of Use, Disclaimer & Privacy Policy.
Ask a question
Go to site