EternalBlue exploit

Pierluigi Paganini January 04, 2019
New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

A new variant of the NRSMiner is infecting users in the southern region of Asia, most of the victims are in Vietnam (54%), Iran (16%) and Malaysia (12%). The new version leverages the EternalBlue exploit to spread, experts observed that the threat also updates existing NRSMiner installs. ETERNALBLUE is an NSA exploit that made the headlines […]

Pierluigi Paganini July 31, 2018
Fileless PowerGhost cryptocurrency miner leverages EternalBlue exploit to spread

Security experts from Kaspersky Lab have spotted a new cryptocurrency miner dubbed PowerGhost that can spread leveraging a fileless infection technique. The PowerGhost miner targets large corporate networks, infecting both workstations and servers, it employing multiple fileless techniques to evade detection. “The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading […]

Pierluigi Paganini February 01, 2018
WannaMine, the sophisticated crypto miner that spreads via NSA EternalBlue exploit

Researchers from security firm CrowdStrike spotted a new Monero crypto-mining worm dubbed WannaMine that spreads leveraging the NSA-linked EternalBlue exploit. This morning I wrote about the Smominru botnet that used NSA exploit to infect more than 526,000 systems, and I explained that other threat actors are using similar techniques to mine cryptocurrency. This is the case of […]

Pierluigi Paganini September 23, 2017
Retefe banking Trojan leverages EternalBlue exploit to infect Swiss users

Cyber criminals behind the Retefe banking Trojan have improved it by adding a new component that uses the NSA exploit EternalBlue. ETERNALBLUE is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack and NotPetya massive attacks. ETERNALBLUE targets the SMBv1 protocol and it has become widely adopted in the community of malware developers. Investigations on WannaCry, for […]