
Beapy

Posted: April 26, 2019

Beapy is a cryptocurrency-mining Trojan and worm that hijacks a system's hardware to generate Monero coins. Its campaign preferentially attacks China-based targets, especially corporate-level businesses, through e-mail. Workers can use anti-malware services to delete Beapy before it causes significant damage and should avoid opening e-mail links or attachments without verifying their safety.

The Trojan Mining Spree Continues Making Headway into China

In a campaign that's supposedly even more profitable than Coinhive cryptojacking, Beapy is a Trojan that goes back to old ways of doing illicit business, in more ways than one. It represents a credible threat to nearly all enterprise-level organizations in China and other areas of the world, with capabilities for propagating throughout a network and hijacking hardware en masse. On the other hand, its eventual goal is almost charmingly simple: running another version of XMRig.

XMRig is a Monero cryptocurrency-mining application that threat actors sometimes use non-consensually by installing it on their victims' systems. In the case of the Beapy campaign, these attacks arrive through e-mail messages, which are likely crafted to maximize their social engineering appeal to the targeted employees. Beapy then gets on board and configures the XMRig installation for its threat actors' benefit.

However, Beapy's attacks don't stop there, and malware researchers recommend isolating compromised systems immediately. Beapy includes worm-like distribution mechanisms, such as brute-forcing network passwords, collecting them via Mimikatz, and exploiting EternalBlue, the infamous SMB vulnerability. These features help Beapy compromise other machines reachable over the network and break into their admin accounts to install and run more instances of itself and XMRig.
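As an added illustration of the defensive side of the paragraph above (not code from the original article or from any vendor), the following Python sketch runs two simple detections over constructed log lines: a burst of failed logons from one source, which is what network password brute-forcing looks like to a log collector, and one host opening SMB (TCP/445) sessions to many peers, the fan-out pattern of EternalBlue-style propagation. The key=value log format, field names and thresholds are assumptions; the sample events are constructed, not real telemetry.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample telemetry (not real logs): type=4625 is a Windows failed-logon event, type=conn a new TCP connection.
SAMPLE_LOG = """\
2019-04-26T10:00:01 type=4625 src=10.0.0.5 user=administrator dst=10.0.0.7
2019-04-26T10:00:02 type=4625 src=10.0.0.5 user=administrator dst=10.0.0.7
2019-04-26T10:00:02 type=4625 src=10.0.0.5 user=administrator dst=10.0.0.8
2019-04-26T10:00:03 type=4625 src=10.0.0.5 user=administrator dst=10.0.0.9
2019-04-26T10:00:05 type=conn src=10.0.0.5 dst=10.0.0.7 dport=445
2019-04-26T10:00:05 type=conn src=10.0.0.5 dst=10.0.0.8 dport=445
2019-04-26T10:00:06 type=conn src=10.0.0.5 dst=10.0.0.9 dport=445
2019-04-26T10:00:07 type=conn src=10.0.0.5 dst=10.0.0.10 dport=445
2019-04-26T11:30:00 type=4625 src=10.0.0.6 user=jsmith dst=10.0.0.20
"""

def parse(log_text):
    """Split each line into a dict of key=value fields plus a parsed timestamp."""
    events = []
    for line in log_text.splitlines():
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events

def logon_failure_bursts(events, threshold=4, window=timedelta(minutes=1)):
    """Sources with >= threshold failed logons inside one sliding window (password guessing)."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["type"] == "4625":
            by_src[ev["src"]].append(ev["ts"])
    flagged = []
    for src, times in by_src.items():
        times.sort()
        i = 0  # oldest event still inside the window that ends at times[j]
        for j, t in enumerate(times):
            while t - times[i] > window:
                i += 1
            if j - i + 1 >= threshold:
                flagged.append(src)
                break
    return sorted(flagged)

def smb_fanout(events, threshold=4):
    """Sources opening SMB (445) connections to >= threshold distinct hosts (worm-like spread)."""
    targets = defaultdict(set)
    for ev in events:
        if ev["type"] == "conn" and ev["dport"] == "445":
            targets[ev["src"]].add(ev["dst"])
    return sorted(s for s, hosts in targets.items() if len(hosts) >= threshold)
```

On the sample data both detections single out 10.0.0.5, while the lone failed logon from 10.0.0.6 stays below threshold; in production the thresholds would be tuned against the environment's normal logon and file-sharing baseline.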

Digging a Company Out of a Pit of Collected Monero

As individuals, users can protect themselves by updating software like Word and Adobe's Reader, never enabling macros or other 'advanced' content that prompts for permission to continue, and looking over e-mail messages carefully for signs of a phishing attack. Some of the templates that malware researchers find these lures adhering to include office equipment notifications, invoices, and news articles about the company's industry. The attacks may address employees by their names or titles, if this information is publicly available or if it's circulating on the dark Web.

Cryptocurrency-mining Trojans can cause permanent hardware damage or, at the very least, raise power bills and slow down system performance. The method of Beapy's introduction also opens the door to installing other threats besides the relatively low-level, non-consensual variant of XMRig. Most anti-malware programs are capable of deleting Beapy and other worms, but disinfecting the entire network may be necessary.

Perhaps worst of all, not everything that Beapy does can be undone. Any Monero it mines stays in the threat actors' pockets, and any passwords it collects are out of your hands and in the grip of hackers.
