Attackers are using a new crypto-mining malware, named PyRoMine, to mine Monero quietly.
PyRoMine is a Python-based miner that spreads to Windows machines with an NSA-developed exploit, disables security software, and turns on unencrypted remote-management traffic. It also reconfigures the Windows Remote Management (WinRM) service so that infected machines stay exposed to future attacks.
Analysis of the malware shows that it carries the NSA's EternalRomance exploit, one of the SMB exploits leaked by the Shadow Brokers. The SMBv1 flaws it targets were fixed by Microsoft's MS17-010 update, so only unpatched hosts are affected.
The downloaded zip file contains an executable built with PyInstaller, a tool that bundles a Python program together with the interpreter into a single stand-alone executable, so the attacker does not need Python installed on the victim machine to run it. Because PyInstaller only packages the scripts and their bytecode, analysts can extract the archive and recover the original code.
Stand-alone executables of this kind are still blocked by a properly maintained security product, so every device you own should run one: an antivirus for Windows or an antivirus for Mac, depending on the operating system installed. Companies should additionally have a cybersecurity firm verify their internal network through penetration tests and ethical hacking engagements.
Researchers also found several recent toolsets armed with payloads that launch attacks, harvest data, and take advantage of lax security and idle processing power. All of these malicious tools arrive neatly packaged and rely on a simple weakness that people have not fixed and rarely think about: what they download and click on.
The combination of techniques in these scripts and packages lets attackers stay hidden while staging further attack vectors. Because they are silent, attacks built with tools like this can go unnoticed for a long time.
One of the scripts is a copy of the EternalRomance implementation published on the Exploit Database website, with a few modifications: the malware reads the host's local IP addresses to determine the local subnet(s), then iterates through every IP in those subnets and launches the exploit payload against each one. Since EternalRomance is an SMB exploit, the distinctive signal for defenders is a single internal host contacting every address on its subnet on TCP port 445 within a short period.
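The target-selection logic described above, and the network-side check that catches it, as an added example that is not the malware's code or taken from the original article. The interface addresses and the flow records are constructed sample data, the spread loop is a dry run that only records which hosts would be contacted on port 445, and the threshold and window values are assumptions chosen for the example.

```python
import ipaddress
from collections import defaultdict
from typing import Iterable, Iterator, List, Tuple

SMB_PORT = 445

# Constructed sample: interface addresses with prefix lengths, as the spreader
# would read them from the infected host (hypothetical values).
LOCAL_INTERFACES = ["10.0.5.17/24", "192.168.1.42/28"]


def candidate_targets(interfaces: Iterable[str]) -> Iterator[str]:
    """Yield every host address on the subnets the local interfaces belong to,
    skipping the host's own addresses. This mirrors the article's description:
    local IPs -> local subnet(s) -> every IP in those subnets."""
    own = {ipaddress.ip_interface(i).ip for i in interfaces}
    seen = set()
    for iface in interfaces:
        net = ipaddress.ip_interface(iface).network
        if net in seen:
            continue
        seen.add(net)
        for host in net.hosts():  # excludes network and broadcast addresses
            if host not in own:
                yield str(host)


def dry_run_spread(interfaces: Iterable[str]) -> List[Tuple[str, int]]:
    """Stand-in for the exploit loop: records (target, port) pairs instead of
    sending anything. One infected host produces one entry per subnet address."""
    return [(target, SMB_PORT) for target in candidate_targets(interfaces)]


# Constructed flow records (timestamp, src, dst, dport), e.g. from NetFlow or a
# firewall log: one sweeping host, plus two clients talking to normal file servers.
FLOWS: List[Tuple[int, str, str, int]] = []
_T0 = 1000
for _i in range(1, 41):
    FLOWS.append((_T0 + _i, "10.0.5.17", f"10.0.5.{_i}", SMB_PORT))
for _i, _srv in enumerate(["10.0.5.3", "10.0.5.4"]):
    FLOWS.append((_T0 + 5 + _i, "10.0.5.200", _srv, SMB_PORT))
FLOWS.append((_T0 + 7, "10.0.5.201", "10.0.5.3", SMB_PORT))


def detect_smb_sweeps(flows, threshold: int = 20, window: int = 60) -> dict:
    """Return {src: peak_distinct_destinations} for every source that reached at
    least `threshold` distinct hosts on TCP 445 within any `window`-second span.
    Uses a sliding window per source so a slow, spread-out sweep is not missed
    by fixed time buckets. Threshold and window are assumed example values."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == SMB_PORT:
            per_src[src].append((ts, dst))

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        counts = defaultdict(int)  # distinct destinations inside the window
        left = 0
        for ts, dst in events:
            counts[dst] += 1
            # drop events that fell out of the window
            while ts - events[left][0] > window:
                old_dst = events[left][1]
                counts[old_dst] -= 1
                if counts[old_dst] == 0:
                    del counts[old_dst]
                left += 1
            if len(counts) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(counts))
    return alerts


if __name__ == "__main__":
    targets = dry_run_spread(LOCAL_INTERFACES)
    print(f"{len(targets)} targets would be contacted, first: {targets[:3]}")
    print("sweeping hosts:", detect_smb_sweeps(FLOWS))
```

The two halves are the same event seen from opposite sides: the spreader walks the whole /24 (253 hosts here) and the /28 (13 hosts), and on the wire that walk shows up as one source reaching tens of distinct hosts on 445 within a minute, which is exactly what `detect_smb_sweeps` flags while leaving the clients that only talk to their file servers alone.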
Once an attacker has compromised a target, he can start mining Monero with that computer's CPU.
Pay attention! Systems that have not been patched against these known vulnerabilities remain potential targets, and experts expect to see more attacks of this type in the future.
Remember that only a robust cybersecurity solution can protect your device from all types of unwanted or bogus miners. Running an active antivirus is mandatory. We strongly recommend that everyone install an antivirus for Windows or an antivirus for Mac, depending on the operating system their devices run. If you are a company, check your network integrity by hiring a top cybersecurity firm to perform penetration tests and ethical hacking tests at least once a year.