
WannaMine

Posted: May 14, 2019

Ever since the boom of the cryptocurrency markets, cybercriminals have been looking for ways to exploit this opportunity for monetary gain. Their primary tools seemed to be ransomware that requires a payment via cryptocurrency or clipboard malware that replaces the wallet address victims use for transactions, thereby ensuring that the attacker will be the final recipient of the money. Another tool that has been gaining traction among cybercriminals is the so-called crypto mining threat. These programs use the hardware resources of the victim’s computer to mine for various cryptocurrencies without the user’s approval, and all of the money generated is then transferred to the account of the attacker.

One of the significant malware variants used in an operation of this sort is called WannaMine, and it boasts self-propagation and self-preservation features that certainly contributed to its broad reach and low detection rates. When WannaMine is initialized on a computer, it may begin to use a large portion of the available CPU and RAM resources to mine cryptocurrency. While this may sound harmless, it may diminish the system’s performance and reduce its lifespan.

The initial infection vector that WannaMine’s authors use may vary, but they tend to stick to simple tricks such as fake downloads or bogus email attachments. However, once WannaMine is started on a compromised computer, it may use PowerShell and the Windows Management Instrumentation feature to attempt to sniff out other login details that would allow it to connect to other remote computers and immediately infect them too. If this does not work, the criminals have implemented a backup propagation method: the use of the EternalBlue exploit that gained popularity during the WannaCry Ransomware outbreak.

Protecting yourself from the WannaMine malware requires the use of a reputable anti-virus software suite that will keep an eye on all incoming files and look for potentially harmful traits. Furthermore, an anti-virus tool would be able to spot WannaMine’s mining activity and stop it immediately.
