LTS Secure Warning: New Cryptojacking Malware Leverages Leaked NSA Exploit To Devastate Enterprises In Asia

Researchers have identified a new cryptojacking malware, dubbed Beapy, that uses the leaked NSA exploit tooling (the EternalBlue SMB exploit and the DoublePulsar backdoor) to infect hosts and spread across enterprise networks in Asia.

Technical Details

It is not yet confirmed how every Beapy infection begins, but in the cases observed, email was the initial vector. The email carries a malicious Excel file which, once opened, downloads the DoublePulsar backdoor. DoublePulsar is a kernel-mode implant that gives the attacker remote code execution (RCE) on the victim device. The EternalBlue exploit against SMBv1 (the flaw closed by the MS17-010 patch) is then used to propagate laterally to other machines on the enterprise network.

A PowerShell script is then executed which connects to a command-and-control (C&C) server, after which a coinminer is dropped on the victim device and begins mining Monero (XMR).
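The infection chain above maps onto a handful of host-level detections: an Office process spawning a script host, an encoded PowerShell stager that downloads code, one workstation suddenly opening SMB to many internal peers, and a process launched with stratum pool arguments. The following PowerShell is an added example written for this page; it is not code from the LTS Secure advisory or from Beapy. It runs over constructed Sysmon-style events (process create, Id 1, and network connect, Id 3); the computer names, file paths, pool address, wallet string and IP addresses are invented, and the function names are this example's own.

```powershell
# Added example, not part of the LTS Secure advisory: hunt over Sysmon-style
# events for the Beapy-like chain. All sample events below are constructed.

function New-Evt([hashtable]$Fields) { [pscustomobject]$Fields }

$ps = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
$xl = 'C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE'
# UTF-16LE base64 of: IEX (New-Object Net.WebClient)   (constructed stager)
$enc = 'SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA'

# One host opening SMB to six internal peers (EternalBlue-style spread)
$smbFanOut = 5..10 | ForEach-Object {
    New-Evt @{ Id=3; Computer='WS-0142'; Image=$ps; DestinationIp="10.20.1.$_"; DestinationPort=445 }
}

$sample = @(
    New-Evt @{ Id=1; Computer='WS-0142'; ParentImage='C:\Windows\explorer.exe'; Image=$xl
               CommandLine='"EXCEL.EXE" "C:\Users\jdoe\Downloads\invoice.xls"' }
    New-Evt @{ Id=1; Computer='WS-0142'; ParentImage=$xl; Image=$ps
               CommandLine="powershell.exe -NoP -W Hidden -Enc $enc" }
    New-Evt @{ Id=1; Computer='WS-0142'; ParentImage=$ps; Image='C:\ProgramData\svchost.exe'
               CommandLine='svchost.exe -o stratum+tcp://pool.example.invalid:3333 -u 4AbcWALLETxyz -p x' }
    New-Evt @{ Id=3; Computer='WS-0142'; Image='C:\ProgramData\svchost.exe'
               DestinationIp='203.0.113.10'; DestinationPort=3333 }
    # Benign admin PowerShell on another host; must not alert
    New-Evt @{ Id=1; Computer='WS-0200'; ParentImage='C:\Windows\explorer.exe'; Image=$ps
               CommandLine='powershell.exe Get-Process' }
) + $smbFanOut

function Find-BeapyChain {
    param(
        [Parameter(Mandatory)][object[]]$Events,
        [int]$SmbPeerThreshold = 5   # distinct SMB targets per host before alerting
    )
    $alerts = New-Object System.Collections.Generic.List[object]
    function Add-Alert($Computer, $Rule, $Detail) {
        $alerts.Add([pscustomobject]@{ Computer=$Computer; Rule=$Rule; Detail=$Detail })
    }

    foreach ($e in $Events | Where-Object Id -eq 1) {
        # Malicious Excel attachment: Office process launching a script host
        if ($e.ParentImage -match '\\(EXCEL|WINWORD|POWERPNT)\.EXE$' -and
            $e.Image -match '\\(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32)\.exe$') {
            Add-Alert $e.Computer 'office-spawns-script-host' $e.CommandLine
        }
        # Stager: encoded PowerShell whose decoded body downloads or evaluates code
        if ($e.Image -match '\\(powershell|pwsh)\.exe$' -and
            $e.CommandLine -match '\s-(e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})') {
            $decoded = ''
            try { $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[2])) } catch {}
            if ($decoded -match 'IEX|Invoke-Expression|DownloadString|DownloadFile|WebClient|Invoke-WebRequest') {
                Add-Alert $e.Computer 'encoded-powershell-downloader' $decoded
            }
        }
        # Coinminer: process started with stratum pool / XMRig-style arguments
        if ($e.CommandLine -match 'stratum\+(tcp|ssl)://|--donate-level|cryptonight|randomx') {
            Add-Alert $e.Computer 'coinminer-commandline' $e.CommandLine
        }
    }

    # Lateral movement: one host connecting to many peers on TCP/445
    $Events | Where-Object { $_.Id -eq 3 -and $_.DestinationPort -eq 445 } |
        Group-Object Computer | ForEach-Object {
            $peers = @($_.Group.DestinationIp | Sort-Object -Unique)
            if ($peers.Count -ge $SmbPeerThreshold) {
                Add-Alert $_.Name 'smb-fan-out' ("$($peers.Count) peers: " + ($peers -join ', '))
            }
        }
    return $alerts
}

Find-BeapyChain -Events $sample | Format-Table -AutoSize
```

On the constructed sample only WS-0142 should appear; the WS-0200 event exercises the false-positive path. To run this against real data, pull Sysmon events with Get-WinEvent (log name Microsoft-Windows-Sysmon/Operational, Ids 1 and 3) and project the Image, ParentImage, CommandLine, DestinationIp and DestinationPort fields plus the machine name into the same object shape. The SMB fan-out rule is the noisiest of the four; tune the threshold per environment and exclude vulnerability scanners and backup hosts that legitimately touch port 445 everywhere.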

Impact

  • It degrades system performance and functionality.
  • Overheating may damage device components.
  • Costs rise because of the increased power consumption of infected devices.

Recommended Actions

  • Always update your anti-virus software with the latest releases.
  • Ensure that your devices are always up-to-date with the latest patches, in particular MS17-010, which closes the SMBv1 flaw that EternalBlue exploits; disable SMBv1 wherever it is not needed.
  • Avoid opening emails and attachments from unknown senders.
  • Isolate all compromised computers as soon as possible to prevent the threat from spreading further inside your infrastructure.
  • Configure Firewall/IDS/IPS/Endpoint Protection systems correctly so that no gaps are left open.
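The patching and isolation steps above can be audited and applied from an elevated PowerShell session. The script below is an added example written for this page, not code from the LTS Secure advisory; it checks whether SMBv1 is still enabled on the host and whether inbound TCP/445 is blocked, and optionally applies both controls, which together defeat the EternalBlue spreading stage. The firewall rule display name and the function names are this example's own choices; the cmdlets used are standard on Windows 8 / Server 2012 and later.

```powershell
# Added example, not part of the LTS Secure advisory: audit and (on request)
# apply the host controls that stop EternalBlue-based lateral movement.
# Run in an elevated PowerShell on Windows 8 / Server 2012 or later.

$RuleName = 'Block inbound SMB (TCP 445)'   # this example's own rule name

function Get-Smb1Exposure {
    [CmdletBinding()]
    param()
    $server  = Get-SmbServerConfiguration
    # Client SKUs expose SMBv1 as an optional feature; on Server SKUs check
    # Get-WindowsFeature FS-SMB1 instead (not done here to keep one code path).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $rule    = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue

    $featureState = 'n/a'
    if ($feature) { $featureState = "$($feature.State)" }
    $blocked = ($null -ne $rule) -and ("$($rule.Enabled)" -eq 'True') -and ("$($rule.Action)" -eq 'Block')

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        OsVersion         = [Environment]::OSVersion.Version.ToString()
        Smb1ServerEnabled = $server.EnableSMB1Protocol   # $true means EternalBlue-reachable if unpatched
        Smb1FeatureState  = $featureState
        Inbound445Blocked = $blocked
    }
}

function Invoke-Smb1Hardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Only for workstations or hosts being isolated: blocking 445 inbound
        # on a file server or domain controller breaks legitimate SMB clients.
        [switch]$BlockInbound445
    )
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server protocol')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    $existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($BlockInbound445 -and -not $existing -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Block inbound TCP/445 on all profiles')) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP -LocalPort 445 `
            -Action Block -Profile Any | Out-Null
    }
    Get-Smb1Exposure
}

# Audit first, then rehearse the change with -WhatIf before running it for real.
Get-Smb1Exposure | Format-List
Invoke-Smb1Hardening -BlockInbound445 -WhatIf
```

Disabling SMBv1 removes the attack surface EternalBlue needs, but it is not a substitute for installing MS17-010. Note that Get-HotFix is not a reliable way to prove that patch is present on Windows 10, because later cumulative updates supersede the original KB articles; compare the OS build against your patch baseline instead.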

LTS Secure Locations
  • Florida: 407-965-5509
  • Los Angeles: 323-544-5013
  • Mid West: 800 689 4506
  • Chicago/Midwest: 2406 Schumacher Drive, Mishawaka, IN, 46545
  • Pune: 201, Tower S4, Phase II, Cybercity, Magarpatta Township, Hadapsar, Pune-411013
