Ronald Hudson - Fotolia
A new type of cryptocurrency mining malware called MassMiner was recently discovered by security researchers to be infecting systems across the web. How does this malware infect systems?
Similar to ransomware attacks, cryptocurrency mining is a way for criminals to monetize their attacks. While cryptocurrency mining usually causes less collateral damage than ransomware, mining malware may be more difficult to detect.
Once attackers have infected a system, they can use the compromised system for a number of different things, such as distributed denial-of-service attacks and sending spam. Attackers sometimes have scripts or patterns they follow where each step is worked out. These scripts may also include exploits that can maximize the return on investment of an attack.
A new type of cryptocurrency mining malware called MassMiner was recently discovered by researchers from AlienVault Inc. MassMiner is used to mine Monero cryptocurrency, and the malware is configured with the Monero wallet and mining pool to which it sends mined coins.
In addition to the cryptocurrency mining function, the MassMiner malware also includes worm functionality and a version of Masscan, a high-speed IP scanner, which scans the local network before scanning the internet to look for vulnerable devices to infect.
MassMiner targets Windows servers for WebLogic, exposed server message block servers, Apache Struts and SQL Server. When one of these systems is found, MassMiner uses well-known -- and patched -- exploits to gain access to the system. The exception is SQL Server, where MassMiner attempts to brute force a password for access.
Once MassMiner gains access to a system, it establishes persistence by disabling security functionality. Then the malware downloads the configuration, including the command-and-control server.
Once the infection is complete, MassMiner starts using the infected system to mine Monero, as well as to scan for other systems to infect. In order to mitigate this attack, AlienVault released indicators of compromise to help determine if your systems have been infected.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
IBM banned removable storage devices to encourage employees to use the company's internal file-sharing system. Learn how a ban like this can improve ... Continue Reading
After a comeback of the Russian-built VPNFilter botnet, home network devices are at risk. Learn how this malware targets victims with expert Nick ... Continue Reading
The TrickBot banking Trojan joined forces with IcedID to form a dual threat that targets victims for money. Discover how this union occurred and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.