Beapy is a cryptocurrency-mining Trojan and worm that hijacks the system's hardware for generating Monero coins. Its campaign is attacking China-based targets preferentially, corporate-level businesses especially, through e-mail. Workers can employ anti-malware services for deleting Beapy before it causes significant damage and should avoid opening e-mail links or attachments without verifying their safety.
The Trojan Mining Spree Continues Making Headway into China
In a campaign that's supposedly even better at earning money than the Coinhive Cryptojacking, Beapy is a Trojan that's going back to old ways of doing illicit business, in more ways than one. It represents a credible threat to nearly all enterprise-level organizations in China and other areas of the world, with capabilities for propagating throughout a network and hijacking hardware en masse. On the other hand, its eventual goal is almost charmingly simple: running another version of XMRig.
XMRig is a Monero cryptocurrency-mining application that threat actors, sometimes, use non-consensually by installing it on their victims' systems. In the case of the Beapy campaign, these attacks involve infections over e-mail messages, which are likely of maximizing their social engineering appeal to the targeted employees. Beapy, then, gets on board and configures the XMRig installation for its threat actors' benefit.
However, Beapy's attacks don't stop there, and malware researchers recommend isolating compromised systems immediately. Beapy includes worm-like distribution mechanisms, such as brute-forcing network passwords, collecting them via Mimikatz, and exploiting EternalBlue, the infamous SMB vulnerability. These features help Beapy compromise other machines that are available over network connections and break into their admin accounts for installing and running more instances of itself and XMRig.
Digging a Company Out of a Pit of Collected Monero
As individuals, users can protect themselves by updating software like Word and Adobe's Reader, never enabling macros or other, 'advanced' content that requires prompts for continuing, and looking over e-mail messages carefully for signs of a phishing attack. Some of the templates that malware researchers find these lure adhering to include office equipment notifications, invoices, and news articles about the company's industry. The attacks may address employees by their names or titles, if this information is publicly available or if it's circulating in the dark Web.
Cryptocurrency-mining Trojans can cause permanent hardware damage, or, at the very least, inflict power-related billing hikes or slow down system performance. The method of Beapy's introduction also poses some potential for the installation of other threats besides the relatively low-level, non-consensual variant of XMRig. Most anti-malware programs are capable of deleting Beapy and other worms, but disinfecting the entire network may be necessary.
Perhaps worst of all, not everything that Beapy does can be undone. Any Monero it makes will stay profitable for the threat actors, and any passwords, out of your hands, and into the grip of hackers.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Beapy may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.