Bitcoin Mining Virus Entitled “Coinminer” is Spread via NSA Exploit


Hackers make large profits mining bitcoin, especially when they use other people's computers and so pay nothing for electricity or specialised hardware. Cybersecurity experts from the Japanese firm “Trend Micro” state that hackers have developed a new type of malware, known as “CoinMiner”, which uses exploits developed by the NSA to turn victims' computers into cryptocurrency miners.

According to the cybersecurity experts, “CoinMiner” relies on a component present on every Windows PC: Windows Management Instrumentation (WMI). Alongside WMI, the hackers use the NSA tool “Eternal Blue” to infect computers, the same technique WannaCry used to infect thousands of computers worldwide.

Microsoft has identified the vulnerability and released a patch to fix it, but PC users are usually slow to install updates. The way the malware works is actually simple. Once it has access to a computer, it installs a few WMI scripts that connect to a remote server. The server then sends instructions and the miner is immediately downloaded to the PC. WMI is one of the most important components of Windows and carries out a great many tasks, so it needs to be secured.

Once the PC is infected, the malware begins mining cryptocurrency for the cybercriminals. The notorious “CoinMiner” is spread mostly in Asian countries, such as Japan and Indonesia.

In the Trend Micro blog, company representative Buddy Tancio stated:

“The mixture of WMI and Eternal Blue makes the malware stealthy and hard to get rid of.”

Cybersecurity experts state that fileless malware is becoming increasingly common, as is hackers' use of existing operating system tools to spread malware. Similar hacking techniques and methods caused substantial damage to Iran’s nuclear program.

According to the Trend Micro experts, the malware uses certain triggering methods for its WMI scripts which guarantee that the Bitcoin mining resumes every three hours.

Bitcoin mining malware is not actually a new notion. Merkle has written about other malicious code that helped slow the spread of the WannaCry virus, because it closed the SMB ports. Closing these ports might also help prevent harm from “CoinMiner”.

The hacker group Shadow Brokers has exposed their methods and revealed that Eternal Blue was the main force behind their hacking schemes. They have also used other NSA hacking tools.

Trend Micro offers some advice on how to stop the malware from spreading. Since it mostly spreads through the Windows operating system, you can partially disable WMI (Windows documents how to do this). You should also make time to update your system and install the newest patches so that your WMI stays safe from the malware.
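The following is an added example (not code from the article or from Trend Micro) showing how an administrator can check a Windows machine for the two things the article describes: WMI event subscriptions that re-run a script on a timer, and an exposed SMB service. The "suspicious consumer type" rule is a heuristic assumption of this example, not an indicator published by Trend Micro; run it in an elevated PowerShell session.

```powershell
# Added audit script (assumption: Windows 8 / Server 2012 or later, elevated session).
# Lists permanent WMI event subscriptions in root\subscription, the mechanism a
# WMI-based miner can use to re-trigger itself, and flags consumer types that execute code.
function Get-WmiPersistence {
    $ns = 'root\subscription'
    $filters   = Get-WmiObject -Namespace $ns -Class __EventFilter -ErrorAction SilentlyContinue
    $consumers = Get-WmiObject -Namespace $ns -Class __EventConsumer -ErrorAction SilentlyContinue
    $bindings  = Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding -ErrorAction SilentlyContinue

    foreach ($b in $bindings) {
        # Binding references look like: __EventFilter.Name="SomeName"
        $filterName   = ($b.Filter   -split 'Name=')[-1].Trim('"')
        $consumerName = ($b.Consumer -split 'Name=')[-1].Trim('"')
        $f = $filters   | Where-Object { $_.Name -eq $filterName }
        $c = $consumers | Where-Object { $_.Name -eq $consumerName }
        $type = $c.__CLASS

        # Heuristic (this example's assumption): these consumer types run arbitrary code.
        $suspicious = $type -in @('ActiveScriptEventConsumer', 'CommandLineEventConsumer')
        $payload = $null
        if ($type -eq 'CommandLineEventConsumer') { $payload = $c.CommandLineTemplate }
        elseif ($type -eq 'ActiveScriptEventConsumer') { $payload = $c.ScriptText }

        [pscustomobject]@{
            Filter     = $filterName
            Query      = $f.Query        # WQL query; a timer-style query shows how often it fires
            Consumer   = $consumerName
            Type       = $type
            Payload    = $payload
            Suspicious = $suspicious
        }
    }
}

# Reports whether SMBv1 is enabled and whether TCP 445 is listening, the exposure
# that the article's "close the SMB ports" advice addresses.
function Get-SmbExposure {
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $listen445 = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        SMB1Enabled      = $smb1
        Port445Listening = [bool]$listen445
    }
}

Get-WmiPersistence | Where-Object Suspicious | Format-List
Get-SmbExposure
# Mitigations matching the article's advice, to run only after reviewing the output:
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
#   New-NetFirewallRule -DisplayName 'Block inbound SMB 445' -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block
```

Any binding flagged here should be reviewed rather than deleted blindly, since legitimate management software also registers WMI subscriptions.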