Kingminer Botnet is using old exploit to spread malware
This is the same exploit that was used for spreading WannaCry and NotPetya ransomware back in 2017.
Cyberattacks are on a rise lately. Reports in the past have detailed how scammers are using clever techniques for spreading malware and ransomware. Now, a new report details how cyber criminals are using an old trick to spread malware.
According to a report by cybersecurity firm Sophos, Kingminer, the gang behind the Kingminer botnet, are using the infamous EternalBlue exploit in an attempt to spread malware.
To give you a brief about this vulnerability, the EternalBlue exploit first came into light back for being used by scammers for spreading the WannaCry and NotPetya ransomware back in 2017. It gives hackers remote access to a Windows System via a bug in the victim's Server Message Block (SMB) protocol implementations. The bug allows hackers to remotely execute a code on the victim's computer. While Microsoft has already issued a patch for this vulnerability, however, not everyone has installed a patch on their systems.
“Recently we have seen signs that the operators of the Kingminer botnet started experimenting with an EternalBlue spreader. We have witnessed this script being delivered to the infected systems but have not observed a successful infection as a result of the exploitation,” Sophos wrote in a blog post.
In addition to using the EternalBlue exploit, Kingminer is also using the BlueKeep vulnerability to target victims. This vulnerability exists in Microsoft's Remote Desktop Protocol (RDP) implementation and it allows hackers to remotely execute a malicious code. Microsoft has already released a patch to fix this bug as well.
Sophos' research says that “if the malware identifies that it is running on any of the vulnerable systems, the code goes on to list the installed hotfixes with the command and searches for the ones related to Bluekeep...If it finds none of the hotfixes the script disables further Remote Desktop (RDP).”
All in all, the motive of the attackers is to “disable a possible infection vector that other crypto-mining botnets could use to infect the computer.”
Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.