Ronald Hudson - Fotolia
A new type of cryptocurrency mining malware called MassMiner was recently discovered by security researchers to be infecting systems across the web. How does this malware infect systems?
Similar to ransomware attacks, cryptocurrency mining is a way for criminals to monetize their attacks. While cryptocurrency mining usually causes less collateral damage than ransomware, mining malware may be more difficult to detect.
Once attackers have infected a system, they can use the compromised system for a number of different things, such as distributed denial-of-service attacks and sending spam. Attackers sometimes have scripts or patterns they follow where each step is worked out. These scripts may also include exploits that can maximize the return on investment of an attack.
A new type of cryptocurrency mining malware called MassMiner was recently discovered by researchers from AlienVault Inc. MassMiner is used to mine Monero cryptocurrency, and the malware is configured with the Monero wallet and mining pool to which it sends mined coins.
In addition to the cryptocurrency mining function, the MassMiner malware also includes worm functionality and a version of Masscan, a high-speed IP scanner, which scans the local network before scanning the internet to look for vulnerable devices to infect.
MassMiner targets Windows servers for WebLogic, exposed server message block servers, Apache Struts and SQL Server. When one of these systems is found, MassMiner uses well-known -- and patched -- exploits to gain access to the system. The exception is SQL Server, where MassMiner attempts to brute force a password for access.
Once MassMiner gains access to a system, it establishes persistence by disabling security functionality. Then the malware downloads the configuration, including the command-and-control server.
Once the infection is complete, MassMiner starts using the infected system to mine Monero, as well as to scan for other systems to infect. In order to mitigate this attack, AlienVault released indicators of compromise to help determine if your systems have been infected.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.