You might remember the chaos caused by the WannaCry cybersecurity crisis last year, where a security exploit developed by the National Security Agency in the US was used to create a devastating ransomware attack on an international scale that affected over 230,000 computers in over 150 countries. Well, out of the fire of that nightmare has come a new exploit called WannaMine, with a completely different goal in mind: to covertly use infected computers and networks to mine cryptocurrency.
Cybersecurity firm Panda Security from Spain discovered WannaMine in October, and according to cybersecurity firm CrowdStrike, it has grown significantly since, potentially infecting tens of thousands of computers. It also poses additional risks because of how it gains access to victim computers. It takes a two-pronged approach: it first tries to break in to a victim's computer with stolen logins, via a tool called Mimikatz, before resorting to the EternalBlue method of breaking into the victim's computer. According to CrowdStrike, WannaMine can infect a computer in an array of ways, ranging from a user clicking on a malicious link in an email or webpage to a targeted remote access attack by a hacker. Once the WannaMine script has infected a computer, it uses two normal Windows applications, PowerShell and Windows Management Instrumentation, to do its dirty work. This has disastrous implications, as antivirus software on the average user's computer will be unable to detect the malware because it does not leave any files behind as a trace.
While it's well noted by mining aficionados that CPU mining has notoriously weak yields and is usually worth little, doing so on the scale of tens of thousands of infected computers and large mainframe networks can be much more profitable, and much more dangerous. Furthermore, WannaMine manages to bypass this obstacle by mining a cryptocurrency called Monero, which is popular with malware miners because it can be generated with consumer hardware like CPUs rather than expensive GPUs. While this may not have drastic implications for the average consumer aside from a noticeably slower PC, this exploit has proven disastrous for businesses and mainframes. The malware has led to multiple companies' computer and network infrastructure completely shutting down, leading to several days of downtime and lost work.
As cryptocurrency malware gets more efficient and harder to detect, it's likely that this will not be the last time we hear about criminals profiting significantly from the suffering of the average, computer-illiterate user. While WannaMine can be removed on an individual system level, as of today no complete system patch for it exists, leaving millions of systems potentially vulnerable to being turned into nonconsensual mining rigs.
What do you guys think? Are you scared of having your computer turned into a nonconsensual mining rig? Let us know in the comments, or tell us what you think over on our forums.
Image credit: The Guardian