Cryptominer Malware Hidden as WAV Accidentally Caused BSODs

Jan. 20, 2020



Researchers at Guardicore Labs recently came across a malware attack that took down over 800 machines of a medium-sized medical tech company. The malware was hidden as a WAV file and also included a Monero cryptominer, spreading through the infamous EternalBlue vulnerability.

While everything went according to the attackers' plan, their code resulted in the good-old Blue Screen of Death (BSOD). It was only after BSOD incidents dating back to October 14 that the company realized its devices had been compromised.

As I mentioned earlier, the attackers exploited the EternalBlue vulnerability to spread the malware to other devices in the network. Guardicore recommended that the firm block all SMB traffic to contain the situation.

Researchers reverse-engineered the malware and here is what they found: “The malware contains a cryptomining module based on the open-source XMRig CPU miner. It uses the CryptonightR algorithm to mine Monero – a popular privacy coin. In addition, the malware makes use of steganography and hides its malicious modules inside clean-looking WAV files”.
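One structural sanity check a defender can run on WAV files, added here as an example that is not part of the article or of Guardicore's analysis: it walks the RIFF chunk list and flags size mismatches, unknown chunk ids and bytes appended after the last chunk, which are common traits of files used as payload carriers. The function names (`inspect_wav`, `build_wav`) and the sample files are constructed for this example, and the check says nothing about payloads encoded inside otherwise valid audio samples.

```python
import struct

# Chunk ids that commonly appear in benign WAV files.
KNOWN_CHUNKS = {b"fmt ", b"data", b"LIST", b"fact", b"cue ", b"bext", b"id3 ", b"PEAK"}


def inspect_wav(data: bytes) -> list:
    """Walk the RIFF chunk list and return a list of structural anomalies (empty if clean)."""
    findings = []
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        return ["not a RIFF/WAVE container"]
    riff_size = struct.unpack("<I", data[4:8])[0]
    if riff_size + 8 != len(data):
        findings.append(f"RIFF header covers {riff_size + 8} bytes but file is {len(data)} bytes")
    end = min(len(data), riff_size + 8)
    pos, saw_fmt, saw_data = 12, False, False
    while pos + 8 <= end:
        cid = data[pos:pos + 4]
        size = struct.unpack("<I", data[pos + 4:pos + 8])[0]
        if cid not in KNOWN_CHUNKS:
            findings.append(f"unknown chunk id {cid!r} at offset {pos}")
        if pos + 8 + size > len(data):
            findings.append(f"chunk {cid!r} declares {size} bytes but only {len(data) - pos - 8} remain")
            pos = len(data)
            break
        saw_fmt |= cid == b"fmt "
        saw_data |= cid == b"data"
        pos += 8 + size + (size & 1)  # RIFF chunks are padded to an even length
    if not (saw_fmt and saw_data):
        findings.append("missing mandatory fmt or data chunk")
    if pos < len(data):
        findings.append(f"{len(data) - pos} trailing bytes after the last chunk")
    return findings


def build_wav(samples: bytes, extra: bytes = b"") -> bytes:
    """Constructed sample: minimal 8 kHz mono 16-bit PCM WAV, optionally with bytes appended after the data chunk."""
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 16000, 2, 16)
    body = (b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt
            + b"data" + struct.pack("<I", len(samples)) + samples)
    return b"RIFF" + struct.pack("<I", len(body)) + body + extra


CLEAN = build_wav(bytes(64))                              # 32 silent samples, nothing else
SUSPECT = build_wav(bytes(64), extra=b"MZ" + bytes(30))  # constructed: 32-byte blob appended after the audio

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, inspect_wav(blob) or ["no anomalies"])
```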

The malicious processes were terminated, registry keys were deleted, and the malware was cleaned from the previously affected systems to stop the BSOD screens. You may read the entire report here.

Subin writes about consumer tech, software, and security. He secretly misses the headphone jack while pretending he’s better off with the wireless freedom.