New cryptomining malware that uses NSA code just discovered

29 Apr, 2019 | Updated: 29 Apr, 2019
by Fifi Arisandi

A new cryptomining malware that uses US National Security Agency (NSA) hacking code has been found by security researchers at Symantec Corp.

Another day, another malware. This time, it’s a cryptomining malware that spreads via a malicious Excel file attached to an email.

Nicknamed “Beapy” by researchers at Symantec Corp. who found it, the new malware is said to use the US National Security Agency (NSA) hacking code.

Once the email recipient clicks on the Excel attachment, the DoublePulsar code opens a backdoor on the infected device, which then allows the malware to install cryptomining scripts by accessing the corporate network.

“Beapy is particularly effective for hackers because it targets corporations and leverages NSA technology to spread throughout employees’ devices and perform large-scale, clandestine cryptojacking,” said Anurag Kahol, CTO of Bitglass Inc., as quoted by SiliconAngle.

He added, “This practice mines cryptocurrency at an extremely accelerated rate and wastes enterprises’ processing and storage power, costing thousands of additional dollars in electricity bills.”

Compared to the previously leaked NSA hacking code, EternalBlue, DoublePulsar is said to be insidious as it has a “wormlike characteristic”. This means that, after gaining backdoor access, DoublePulsar proceeds to dig deeper into the infected network by using a hardcoded list of usernames and passwords.

Commenting on the newly discovered malware, Jonathan Bensen, chief information security officer of Balbix Inc., said, “Besides drastically slowing down computers and causing device degradation, Beapy in particular leverages credential stealing capabilities to aid in its spread throughout an enterprise’s network.”

“If these credentials make their way back to a command-and-control center, a malicious third party could gain unauthorized access into a corporation’s network and compromise intellectual property, employee, customer or partner data,” he elaborated further on the impact.

To deal with such attacks, Barry Shteiman, vice president of research and innovation at Exabeam Inc., suggested that IT teams look for the “signs”.

“The best thing to do is look for anomalies in your electricity bill. You should also measure changes in your HVAC usage for heat dissipation, although this will be more difficult. Beyond that, look for sudden changes in capacity or usage, as well as significant deviations in pattern and velocity,” he said.

Another method is to use an emerging technology called “entity analytics”.

“It automates detection by baselining normal machine behavior and highlighting the anomalies. Deviations from these benchmarks could be an indicator of capacity abuse and a marker of malicious cryptomining activity on your network,” Shteiman added.
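The baselining idea described above, as an added sketch that is not taken from Symantec, Exabeam or any product: each host's CPU utilisation is compared against its own history with a median/MAD baseline, and only sustained deviations are flagged. The host names, sample values, threshold and run length are constructed assumptions.

```python
from statistics import median

def baseline(samples):
    """Return (median, MAD) of one host's historical CPU utilisation."""
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return med, mad

def robust_z(value, med, mad, floor=1.0):
    # 1.4826 scales the MAD so it is comparable to a standard deviation.
    # The floor (in percentage points) stops a very flat baseline from
    # turning tiny fluctuations into huge scores.
    return (value - med) / max(1.4826 * mad, floor)

def sustained_anomalies(history, recent, threshold=6.0, min_run=3):
    """Flag hosts whose recent samples stay far above their own baseline
    for at least min_run consecutive samples."""
    flagged = {}
    for host, samples in recent.items():
        past = history.get(host, [])
        if len(past) < 5:
            continue  # too little history to call anything "normal"
        med, mad = baseline(past)
        run = longest = 0
        for value in samples:
            run = run + 1 if robust_z(value, med, mad) >= threshold else 0
            longest = max(longest, run)
        if longest >= min_run:
            flagged[host] = {"baseline": med, "longest_run": longest}
    return flagged

# Constructed sample data: hourly CPU utilisation (%) per host.
HISTORY = {
    "ws-finance-01": [12, 15, 11, 14, 13, 12, 16, 14],
    "build-server":  [85, 90, 88, 92, 87, 91, 89, 90],
    "ws-hr-07":      [8, 10, 9, 11, 10, 9, 8, 10],
}
RECENT = {
    "ws-finance-01": [13, 96, 97, 98, 97],  # sustained jump on a quiet desktop
    "build-server":  [91, 93, 89, 92, 90],  # always busy, so not anomalous
    "ws-hr-07":      [9, 70, 10, 9, 11],    # one-off spike, not sustained
}

if __name__ == "__main__":
    for host, info in sustained_anomalies(HISTORY, RECENT).items():
        print(host, info)
```

Comparing each machine with its own history is what keeps the permanently loaded build server quiet while the normally idle workstation stands out.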
