Ad Guardian PlusNews

Cryptocurrency miner delivered by exploiting the BlueKeep vulnerability

Hacker-searching-for-vulnerabilities

The BlueKeep (Windows Remote Desktop Services) vulnerability was exploited by attackers to deliver cryptocurrency mining malware.

Researchers say that BlueKeep, which was addressed in May, allows unauthenticated attackers to execute arbitrary code, by sending crafted Remote Desktop Protocol (RDP) requests. The company warned that the vulnerability could allow malware to spread just the same the EternalBlue exploit was used back in 2017, by the WannaCry ransomware.

Microsoft warned the users to install the patch, which is available also for unsupported versions of Windows, including XP. Still, over 700,000 systems are vulnerable to attacks.

The first mass exploitation attempts were noticed during the weekend. Kevin Beaumont, the researcher who named the vulnerability, has been running a honeypot network – BluePot, trying to catch exploitation attempts. Thus, he discovered that the attacks began on October 23, when the honeypots crashed and rebooted, but understood that it was due to BlueKeep only on November 2.

The two experts discovered that the attackers have been exploiting BlueKeep to deliver a Monero miner, a malware detected at this time by 31 antivirus engines on VirusTotal.

Beaumont wrote in a blog post that “People now understand how to execute attacks on random targets, and they are starting to do it. This activity doesn’t cause me to worry, but it does cause my spider sense to say ‘this will get worse, later.” Then, he reported on Twitter that all BlueKeep activity has stopped.

Related posts
Ad Guardian PlusNews

Romanian hackers infected 400,000 victims

Ad Guardian PlusNews

Snatch reboots Windows to bypass antivirus

Ad Guardian PlusNews

Vietnamese hackers compromised BMW and Hyundai

Ad Guardian PlusNews

Tobacco web platform compromised in Romania

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our
BitGuardian Newsletter

Stay updated with the latest security news and updates for the products you need.

Choose your favorite: