“Indications are that the crooks behind Adylkuzz have generated a lot more money than the WannaCrypt ransomware fiends”, the report noted.
Adylkuzz doesn’t demand, as WannaCry does, that victims pay a ransom to retrieve their data. Instead, the Adylkuzz malware conscripts infected machines into a botnet created to mine Monero cryptocurrency. Monero is the currency of choice on AlphaBay, a dark web market trafficking in drugs, stolen credit card information and other illicit goods.
Although the invasive software does not outright damage users’ systems, McKinnon warns of potential “secondary dangers” with the Adylkuzz software, noting it could have its own vulnerabilities and could leave systems open for future compromises.
According to Kafeine, initial statistics suggest that this attack may be larger in scale than WannaCry.
“I would say the real-world impact of this attack is going to be more substantial than WannaCry”, Kalember told ABC News.
Cyber bandits have again deployed both the EternalBlue and DoublePulsar exploits, which were developed and used by the NSA and released by the ShadowBrokers hackers back in April.
“Like last week’s WannaCry campaign, this attack makes use of leaked NSA hacking tools and leverages a patched vulnerability in Microsoft Windows networking”, the researcher explained, adding: “The Adylkuzz campaign, in fact, predates WannaCry by many days”.
The firm believes Adylkuzz has been on the loose since at least May 2, and perhaps even since April 24, but due to its stealthy nature was not immediately detected. The only symptoms of an infection are sluggish PC and server performance and the loss of access to shared Windows drives.
Kalember said Proofpoint has identified 20 servers around the world that are “essentially hunting for vulnerable computers to do the mining”. Proofpoint claims the hackers have reaped well upwards of $US44,000 in Monero over the course of the attack, which is still ongoing.
“There are no reports of this ‘Adylkuzz’ malware from the Indian establishments yet”.
The now infamous Windows vulnerability (MS17-010) exploited by the WannaCrypt ransomware has also been abused to spread another type of malware, specifically a cryptocurrency miner.
On May 12, the WannaCry ransomware carried out over 200,000 cyber attacks in over 150 countries, bringing systems to their knees as the outbreak raged across the Internet and locked them down.
“McAfee Labs conducted a comparison of the Adylkuzz code and found that the Adylkuzz virus has not evolved significantly throughout the years”. No action by the victim is required.
While the term cryptocurrency is typically associated with Bitcoin, Adylkuzz actually mines Monero, a similar but more heavily encrypted digital currency. Bitcoin ledgers are public. It’s being claimed that Monero has infected hundreds of thousands of PCs and servers worldwide. These hashes form part of the “blocks” in the blockchain, and miners are rewarded with the currency each time their computer figures out one of these hashes.