Symantec, an American software security firm, has identified the spread of a crypto mining malware that mainly targets large enterprises. TechCrunch has reported that the mining software uses National Security Agency hacking tools to get into large enterprises' systems. This new cryptojacking malware, known as Beapy, has already caused more than 12,000 infections across more than 732 organizations since March. Almost 80% of the infections are located in China.
Malicious Virus Is Spread to Organizations Through Emails
The researchers discovered that the malware is spread through malicious emails. An organization only has to open the email once, and the malware drops DoublePulsar, which was developed by the NSA. The malware uses the NSA's EternalBlue exploit, which was also used to spread the WannaCry ransomware back in 2017.
Beapy also uses an open-source credential stealer named Mimikatz, which collects usernames and passwords from infected computers. These credentials help it navigate across the network.
After the shutdown of Coinhive, a popular web-based mining tool, cryptojacking declined considerably. Now file-based cryptojacking by Beapy is faster and more efficient, giving hackers more options to make money.
For instance, in a single month, web-based cryptojacking can help generate 30,000 USD, whereas file-based cryptojacking can generate 750,000 USD, according to the Symantec researchers' report.
As reported recently, crypto mining is one of the techniques most used by hackers to attack the cloud infrastructure of businesses. All the organizations are facing major crypto attacks. The federal jury has arrested two Romanian cybercriminals who were alleged to have spread malware for stealing user credentials and illicit crypto mining.