MassMiner cryptocurrency worm targets unpatched enterprise servers [source: 2-spyware]

07 May 2018

No Comments

1678

MassMiner – a cryptocurrency mining malware which is exploiting EternalBlue (CVE-2017-0143),^[1] Apache Struts (CVE-2017-5638),^[2] and Oracle WebServer (CVE-2017-10271)^[3] vulnerabilities to hijack local and enterprise web servers. Initiating brute force attacks, the miner takes control over Microsoft SQL Servers and starts mining Monero cryptocurrency by consuming an excessive amount of system’s CPU and GPU resources.

AlienVault,^[4] the developer of commercial and open source solutions to manage cyber attacks, and the largest crowd-sourced computer-security platform, was first to detect and describe the MassMiner malware in details. According to the company, MassMiner is not a single piece of malware. It’s the whole family of cyber threats connected to one unit, which can get into the tops of the most successful cyber threats of 2018.

Cryptocurrency miner malware on the rise

The unfading popularity of cryptocurrencies induces criminals to take advantage of less experienced PC users to connect their PCs to mining bots without their knowledge. According to experts, cryptocurrency miners are not going to retreat, at least not in 2018. Currently, one Bitcoin is equal to 9216 USD, while one coin of Monero is equal to 246 USD. The peak of Bitcoin was registered in 2017 reaching 20,000 USD for one coin.

There are many speculations on how the value of Bitcoin and other cryptocurrencies may change, but the prognosis is one-sided. Cryptocurrency experts expect steady growth. According to Kay Van-Petersen, an analyst at Saxo Bank, Bitcoin could hit $100,000 in 2018,^[5] as well as rival digital coins could also outperform. The value of Monero, for instance, is expected to double and exceed 600 USD at the end of 2018.

Thus, as long as crypto bubble won’t blow, malware developers will keep inventing ways to attack ransom PC’s and steal their CPU to earn at least the smallest amount of Bitcoin fraction.

MassMiner – not a typical cryptocurrency miner

The reference to MassMiner as being atypical cryptocurrency miner is, first of all, predetermined by exclusive distribution strategy. Yes, the exploitation of system’s vulnerabilities is not as a novelty. However, we don’t know much malware that would be capable of exploiting the whole list of vulnerabilities. AlienVault researchers indicated the following weaknesses that the MassMiner miner is capable of utilizing:

CVE-2017-0143, an EternalBlue vulnerability in Windows SMB service. It has been used by the infamous WannaCry^[6] and NotPetya^[7] ;
CVE-2017-5638, Apache Struts web framework vulnerability that previously allowed Equifax breach;
CVE-2017-10271, Oracle’s WebLogic Java application server vulnerability.

For more, click here.