As cryptocurrencies become increasingly popular, users are regularly falling victim to cryptocurrency mining. According to Trend Micro, hackers are currently targeting Windows systems with new malware that runs in memory and uses the compromised machine to mine cryptocurrency.
According to the security specialists at Trend Micro, the malware is extremely stealthy and persistent, and it uses WannaCry and NotPetya as a spreading mechanism. While Microsoft released a patch to fix the problem back in March, recent infections suggest that not all systems have been updated since then.
To take control of the compromised machine, the malware installs several WMI (Windows Management Instrumentation) scripts, which run in memory. In case you didn’t know, system admins use WMI to automate tasks on remote computers and in Windows applications. The latest malware uses a similar method, connecting the compromised machine to the hackers' command-and-control domains to download the mining software and malware.
To protect yourself from possible attacks, you should disable the SMBv1 file-sharing protocol to prevent attacks using EternalBlue. The exploit of the file-sharing protocol was rumored to have been created by the NSA, and at the time Microsoft urged customers to stop using the dated protocol.
If you are not sure whether your system has been compromised or contains similar malware, you can run this tool by Microsoft to detect WMI activity on your computer.
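The two checks recommended above can also be scripted. The following PowerShell is an added example, not part of the original article and not the Microsoft tool it mentions; it assumes Windows 8 / Server 2012 or later, an elevated prompt, and that the malicious scripts persist as WMI permanent event subscriptions in `root\subscription`, which the article does not state.

```powershell
# Added example: defensive audit of SMBv1 status and WMI event subscriptions.
# Assumption: the WMI scripts are registered as permanent event subscriptions
# in the root\subscription namespace (the article does not say where they live).

# 1. Report whether the SMBv1 server component is still enabled.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning 'SMBv1 server is ENABLED. To disable it, run:'
    Write-Host    '  Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
} else {
    Write-Host 'SMBv1 server is disabled.'
}

# 2. Enumerate WMI permanent event subscriptions. Each one consists of a
#    filter (the trigger query), a consumer (the action, e.g. a script) and
#    a binding that links the two.
$ns        = 'root/subscription'
$filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer)
$bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

$report = foreach ($b in $bindings) {
    # The binding holds references; resolve them to the full instances by name.
    $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }   | Select-Object -First 1
    $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name } | Select-Object -First 1
    [pscustomobject]@{
        Filter        = $b.Filter.Name
        TriggerQuery  = $f.Query
        Consumer      = $b.Consumer.Name
        ConsumerClass = $c.CimSystemProperties.ClassName
        # Script body or command line, depending on the consumer class.
        Action        = @($c.ScriptText, $c.CommandLineTemplate) -ne $null -join ' '
    }
}

if ($report) {
    $report | Format-List
    # Script and command-line consumers are the ones that can run code.
    $exec = $report | Where-Object {
        $_.ConsumerClass -in 'ActiveScriptEventConsumer', 'CommandLineEventConsumer'
    }
    Write-Host ("{0} binding(s) found, {1} of them can execute code." -f `
        @($report).Count, @($exec).Count)
} else {
    Write-Host 'No WMI filter-to-consumer bindings found.'
}
```

A clean Windows installation normally lists only the built-in `SCM Event Log Consumer` binding; any script or command-line consumer you did not create yourself deserves a closer look.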