LTS Secure Warning: New Cryptojacking Malware Leverages Leaked NSA Exploit To Devastate Enterprises In Asia

Researchers have identified a new cryptojacking malware, dubbed Beapy, which uses the leaked NSA exploits DoublePulsar and EternalBlue to infect machines and spread across enterprise networks in Asia.


Technical Details

It is not yet certain how the initial phase of the Beapy campaign took place in every case, but in the observed infections email was the initial vector. The email carries a malicious Excel file which, once opened, downloads the DoublePulsar backdoor. DoublePulsar opens a backdoor on the victim's machine and gives the attacker remote code execution (RCE). The EternalBlue exploit is then used to propagate the malware laterally across the enterprise network. Both exploits target the SMBv1 service on TCP port 445, so SMB traffic between workstations is the network-level signal to watch for.

A PowerShell script is then executed which connects to a command-and-control (C&C) server, after which a coinminer is dropped on the victim's device and starts mining Monero (XMR).
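The chain described above (an Office document spawning PowerShell, a PowerShell connection out to the C&C server, and then SMB/445 fan-out from the same host as EternalBlue is used to spread) is what endpoint telemetry should surface. The correlation script below is an added example written for this advisory, not code from LTS Secure or from any vendor product. It runs over constructed Sysmon-style events (process-creation and network-connection records) embedded in the block; the host names, file paths, IP addresses and the fan-out threshold are all assumptions.

```python
"""Flag hosts whose endpoint telemetry matches the Beapy infection chain.

Added example for this advisory; the events below are constructed, not real
telemetry, and the thresholds, host names, paths and IP addresses are assumptions.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List

# Placeholder paths used only to build the sample events (assumed, not from the page).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
DROPPER = r"C:\Users\Public\update.exe"  # stands in for the dropped payload


def proc(host, image, parent, cmd=""):
    """Sysmon Event ID 1 (process creation), reduced to the fields used here."""
    return {"host": host, "event_id": 1, "image": image, "parent_image": parent, "command_line": cmd}


def net(host, image, ip, port):
    """Sysmon Event ID 3 (network connection), reduced to the fields used here."""
    return {"host": host, "event_id": 3, "image": image, "dest_ip": ip, "dest_port": port}


SAMPLE_EVENTS = [
    # WS-01: the Beapy chain. 203.0.113.10 is a documentation address standing in for the C&C.
    proc("WS-01", PS, EXCEL, "powershell.exe -nop -w hidden -enc <base64 blob>"),
    net("WS-01", PS, "203.0.113.10", 443),
    *[net("WS-01", DROPPER, f"10.0.0.{i}", 445) for i in range(20, 45)],  # 25 internal targets
    # WS-02: ordinary Office printing plus a single file-server connection.
    proc("WS-02", r"C:\Windows\splwow64.exe", WINWORD),
    net("WS-02", "System", "10.0.0.2", 445),
    # WS-03: an admin script touching three servers, below the fan-out threshold.
    proc("WS-03", PS, r"C:\Windows\explorer.exe", "powershell.exe -File deploy.ps1"),
    *[net("WS-03", PS, f"10.0.0.{i}", 445) for i in range(2, 5)],
]

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# RFC 1918 ranges only; ipaddress.is_private would also cover documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_FANOUT_THRESHOLD = 10  # distinct internal hosts on TCP 445 from one source (assumed)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in INTERNAL_NETS)


def office_spawned_script_host(ev: dict) -> bool:
    """Initial access: an Office application launching PowerShell or another script host."""
    return (ev["event_id"] == 1
            and basename(ev["parent_image"]) in OFFICE_APPS
            and basename(ev["image"]) in SCRIPT_HOSTS)


def powershell_external_connection(ev: dict) -> bool:
    """C&C stage: PowerShell talking to an address outside the internal ranges."""
    return (ev["event_id"] == 3
            and basename(ev["image"]) == "powershell.exe"
            and not is_internal(ev["dest_ip"]))


def smb_fanout(events, threshold=SMB_FANOUT_THRESHOLD) -> Dict[str, int]:
    """Lateral movement: one host opening SMB to many internal hosts (EternalBlue spraying)."""
    targets = defaultdict(set)
    for ev in events:
        if ev["event_id"] == 3 and ev["dest_port"] == 445 and is_internal(ev["dest_ip"]):
            targets[ev["host"]].add(ev["dest_ip"])
    return {h: len(t) for h, t in targets.items() if len(t) >= threshold}


def correlate(events, threshold=SMB_FANOUT_THRESHOLD) -> Dict[str, List[str]]:
    """Return every indicator seen per host; hosts with no indicators are omitted."""
    found = defaultdict(set)
    for ev in events:
        if office_spawned_script_host(ev):
            found[ev["host"]].add("office_app_spawned_script_host")
        if powershell_external_connection(ev):
            found[ev["host"]].add(f"powershell_external_connection:{ev['dest_ip']}")
    for host, n in smb_fanout(events, threshold).items():
        found[host].add(f"smb_445_fanout:{n}_hosts")
    return {h: sorted(i) for h, i in found.items()}


def suspected_hosts(events, threshold=SMB_FANOUT_THRESHOLD) -> List[str]:
    """A host is suspected when the initial-access indicator is joined by a later-stage one."""
    result = []
    for host, inds in correlate(events, threshold).items():
        initial = "office_app_spawned_script_host" in inds
        later = any(i.startswith(("powershell_external_connection", "smb_445_fanout")) for i in inds)
        if initial and later:
            result.append(host)
    return sorted(result)


if __name__ == "__main__":
    for host, inds in correlate(SAMPLE_EVENTS).items():
        print(host, inds)
    print("suspected:", suspected_hosts(SAMPLE_EVENTS))
```

The point of requiring two stages on the same host is that each indicator alone is noisy: an administrator's deployment script will legitimately open SMB to a handful of servers (WS-03 above), and Office occasionally spawns helper processes. On a production data set you would also bound the correlation to a time window and pull the real parent/child and network fields from Sysmon or your EDR rather than the reduced records used here.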


Impact

  • It degrades system performance and functionality.
  • Overheating of devices may damage device components.
  • Increased costs due to higher power consumption by the affected devices.


Recommended Actions

  • Always update your anti-virus software with the latest releases.
  • Ensure that your devices are always up to date with the latest patches; in particular, apply Microsoft's MS17-010 update, which fixes the SMBv1 flaw exploited by EternalBlue and DoublePulsar, and disable SMBv1 wherever it is not required.
  • Avoid opening emails and attachments from unknown senders.
  • Isolate all compromised computers as soon as possible to prevent the threat from spreading further inside your infrastructure.
  • Configure Firewall/IDS/IPS/Endpoint Protection systems properly so that no gaps are left open; blocking SMB (TCP 445) between workstations limits the lateral movement this malware relies on.