Kingminer Botnet is using old exploit to spread malware | Tech News

Kingminer Botnet is using old exploit to spread malware

This is the same exploit that was used for spreading WannaCry and NotPetya ransomware back in 2017.

By: HT TECH
| Updated on: Aug 20 2022, 21:20 IST
Kingminer, the gang behind the Kingminer botnet, are using the infamous EternalBlue exploit in an attempt to spread malware.
Kingminer, the gang behind the Kingminer botnet, are using the infamous EternalBlue exploit in an attempt to spread malware. (Pixabay)

Cyberattacks are on a rise lately. Reports in the past have detailed how scammers are using clever techniques for spreading malware and ransomware. Now, a new report details how cyber criminals are using an old trick to spread malware.

According to a report by cybersecurity firm Sophos, Kingminer, the gang behind the Kingminer botnet, are using the infamous EternalBlue exploit in an attempt to spread malware.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

To give you a brief about this vulnerability, the EternalBlue exploit first came into light back for being used by scammers for spreading the WannaCry and NotPetya ransomware back in 2017. It gives hackers remote access to a Windows System via a bug in the victim's Server Message Block (SMB) protocol implementations. The bug allows hackers to remotely execute a code on the victim's computer. While Microsoft has already issued a patch for this vulnerability, however, not everyone has installed a patch on their systems.

Also read
Looking for a smartphone? To check mobile finder click here.

“Recently we have seen signs that the operators of the Kingminer botnet started experimenting with an EternalBlue spreader. We have witnessed this script being delivered to the infected systems but have not observed a successful infection as a result of the exploitation,” Sophos wrote in a blog post.

In addition to using the EternalBlue exploit, Kingminer is also using the BlueKeep vulnerability to target victims. This vulnerability exists in Microsoft's Remote Desktop Protocol (RDP) implementation and it allows hackers to remotely execute a malicious code. Microsoft has already released a patch to fix this bug as well.

Sophos' research says that “if the malware identifies that it is running on any of the vulnerable systems, the code goes on to list the installed hotfixes with the command and searches for the ones related to Bluekeep...If it finds none of the hotfixes the script disables further Remote Desktop (RDP).”

All in all, the motive of the attackers is to “disable a possible infection vector that other crypto-mining botnets could use to infect the computer.”

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 10 Jun, 17:39 IST
NEXT ARTICLE BEGINS