
How does MassMiner malware infect systems across the web?

Researchers from AlienVault found a new cryptocurrency mining malware -- dubbed MassMiner -- that infects systems across the web. Learn how this malware operates with Nick Lewis.

A new type of cryptocurrency mining malware called MassMiner was recently discovered by security researchers to be infecting systems across the web. How does this malware infect systems?

Similar to ransomware attacks, cryptocurrency mining is a way for criminals to monetize their attacks. While cryptocurrency mining usually causes less collateral damage than ransomware, mining malware may be more difficult to detect.

Once attackers have infected a system, they can use the compromised system for a number of different things, such as distributed denial-of-service attacks and sending spam. Attackers sometimes have scripts or patterns they follow where each step is worked out. These scripts may also include exploits that can maximize the return on investment of an attack.

A new type of cryptocurrency mining malware called MassMiner was recently discovered by researchers from AlienVault Inc. MassMiner is used to mine Monero cryptocurrency, and the malware is configured with the Monero wallet and mining pool to which it sends mined coins.

In addition to the cryptocurrency mining function, the MassMiner malware also includes worm functionality and a version of Masscan, a high-speed IP scanner, which scans the local network before scanning the internet to look for vulnerable devices to infect.

MassMiner targets Windows servers running WebLogic, Apache Struts and SQL Server, as well as exposed Server Message Block (SMB) servers. When one of these systems is found, MassMiner uses well-known -- and patched -- exploits to gain access to the system. The exception is SQL Server, where MassMiner attempts to brute force a password for access.

Once MassMiner gains access to a system, it establishes persistence by disabling security functionality. Then the malware downloads the configuration, including the command-and-control server.

Once the infection is complete, MassMiner starts using the infected system to mine Monero, as well as to scan for other systems to infect. In order to mitigate this attack, AlienVault released indicators of compromise to help determine if your systems have been infected.
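The scanning behavior described above (local network first, then the internet) can be looked for in flow logs. The following is an added detection example, not code from AlienVault or from this article; the flow tuple format, the port numbers, the thresholds and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed default ports (not given on the page): SMB 445, SQL Server 1433,
# WebLogic 7001. Apache Struts has no fixed port, so it is not watched here.
WATCHED_PORTS = {445: "SMB", 1433: "SQL Server", 7001: "WebLogic"}
# Assumption: RFC 1918 space is "internal"; adjust to your own address plan.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def find_scanners(flows, window=60, min_targets=5):
    """flows: (epoch_seconds, src_ip, dst_ip, dst_port) tuples. Reports internal
    sources reaching min_targets+ distinct hosts on watched ports in `window` s."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in WATCHED_PORTS and is_internal(src):
            by_src[src].append((ts, dst, port))
    findings = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            span = events[start:end + 1]
            targets = {dst for _, dst, _ in span}
            widest = findings.get(src, {"targets": 0})["targets"]
            if len(targets) >= min_targets and len(targets) > widest:
                inside = [is_internal(d) for d in targets]
                findings[src] = {
                    "targets": len(targets),
                    "services": sorted({WATCHED_PORTS[p] for _, _, p in span}),
                    "internal": any(inside),   # swept the local network
                    "external": not all(inside),  # also reached the internet
                }
    return findings

# Constructed sample: 10.0.0.5 sweeps LAN then public hosts; 10.0.0.9 is normal.
SAMPLE_FLOWS = (
    [(1000 + i, "10.0.0.5", f"10.0.0.{20 + i}", 445) for i in range(6)]
    + [(1010 + i, "10.0.0.5", f"203.0.113.{i + 1}", 1433) for i in range(4)]
    + [(1000 + 5 * i, "10.0.0.9", "10.0.0.50", 1433) for i in range(8)]
)

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))
```

A server that suddenly fans out to many peers on these ports, internally and externally, is worth checking against the published indicators of compromise.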


This was last published in October 2018
