Since last week, the entire world has been preoccupied with the ransomware attack. The hackers behind it were reported to be using the EternalBlue exploit, which is said to be one of many exploits released by the Shadow Brokers. The exploit traces its origin to the Equation Group, the NSA's elite hacking group.
EternalBlue was used together with DoublePulsar to create a backdoor into Windows operating systems. Hackers used it to spread the WannaCry ransomware, which encrypts all the data on a system and demands a ransom in return for that data.
However, a researcher found that even before the WannaCry attack, a botnet named Adylkuzz had made its way into vulnerable Windows systems that had not applied Microsoft's latest security update. This botnet was reported to be a mining bot, used to mine the crypto-currency Monero. Mining crypto-currencies normally requires a great deal of computing power, which is expensive and laborious to set up. A group of attackers therefore used the DoublePulsar backdoor to get into vulnerable computers and install the Adylkuzz miner on them.
Currently one Monero costs $26.70, and on a laptop a user can hardly generate one coin per day. But all the systems infected with Adylkuzz together could fetch the operators a five-figure payout daily. Researchers estimate that the spread of Adylkuzz is much larger than that of WannaCry.
Unlike WannaCry, Adylkuzz does not notify the user of its presence; it runs silently in the background. The one piece of good news is that systems already infected with Adylkuzz will not see WannaCry enter them, because soon after installing itself Adylkuzz blocks the Server Message Block (SMB) port, TCP 445, shutting out any other intruder that uses the same route.
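The port-445 blocking described above is something a defender can look for: an enabled inbound Block rule on TCP 445 that nobody on the admin team created is worth triage. The script below is an added example, not code from the original post or from any researcher it cites. It parses the English-locale text layout of `netsh advfirewall firewall show rule name=all` (the sample output, rule names and the `EXPECTED_BLOCK_RULES` allowlist are all constructed here) and reports block rules on 445 that are not on the allowlist.

```python
"""Flag unexpected Windows Firewall rules that block inbound TCP 445 (SMB).

Added example, not from the original post. Parses the "Key:  value" text
layout of `netsh advfirewall firewall show rule name=all` and reports
enabled inbound Block rules matching TCP/445 whose names are not in an
allowlist of rules the administrator deployed deliberately.
"""
from typing import Dict, List

# Constructed sample in the netsh layout: one block per rule, blocks
# separated by a blank line, a dashed line under "Rule Name:".
SAMPLE_NETSH_OUTPUT = """\
Rule Name:                            File and Printer Sharing (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
LocalIP:                              Any
RemoteIP:                             LocalSubnet
Protocol:                             TCP
LocalPort:                            445
RemotePort:                           Any
Action:                               Allow

Rule Name:                            Corp-Block-SMB-Inbound
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Public
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            445
RemotePort:                           Any
Action:                               Block

Rule Name:                            UNEXPECTED-RULE-1
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            445
RemotePort:                           Any
Action:                               Block
"""

# Constructed allowlist: block rules the admin team knowingly deployed.
EXPECTED_BLOCK_RULES = {"Corp-Block-SMB-Inbound"}


def parse_netsh_rules(text: str) -> List[Dict[str, str]]:
    """Split netsh rule output into one dict of fields per rule."""
    rules: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        if line.startswith("-"):          # separator under "Rule Name:"
            continue
        if not line.strip():              # blank line ends a rule block
            if current:
                rules.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        rules.append(current)
    return rules


def port_matches(spec: str, port: int) -> bool:
    """True if a netsh port spec ("Any", "445", "139,445", "440-450") covers port."""
    spec = spec.strip()
    if spec.lower() == "any":
        return True
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
                return True
        elif part.isdigit() and int(part) == port:
            return True
    return False


def unexpected_smb_blocks(rules: List[Dict[str, str]],
                          expected=EXPECTED_BLOCK_RULES) -> List[str]:
    """Names of enabled inbound Block rules covering TCP/445 not on the allowlist."""
    hits = []
    for r in rules:
        if (r.get("Enabled") == "Yes" and r.get("Direction") == "In"
                and r.get("Action") == "Block"
                and r.get("Protocol", "").upper() in ("TCP", "ANY")
                and port_matches(r.get("LocalPort", "Any"), 445)
                and r.get("Rule Name") not in expected):
            hits.append(r["Rule Name"])
    return hits


if __name__ == "__main__":
    # On a real host: netsh advfirewall firewall show rule name=all > rules.txt
    for name in unexpected_smb_blocks(parse_netsh_rules(SAMPLE_NETSH_OUTPUT)):
        print(f"unexpected inbound block on TCP/445: {name}")
```

A hit is an indicator, not proof: confirm what created the rule (firewall audit events, the rule's creation time in the registry or policy store) before acting, and keep the allowlist in step with legitimate hardening rules so that deliberate SMB blocks are not reported as suspicious.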
The creepier news is that the game is not finished yet. The Shadow Brokers have promised to publish more zero-day vulnerabilities in June, extending even to the popular Android operating system. So be careful and patch your system with the latest security updates.