New Crypto Mining Malware Beapy Uses Leaked NSA Hacking Tools: Symantec Research

Published at: April 25, 2019

American software security firm Symantec has found a spike in a new crypto mining malware that mainly targets enterprises, TechCrunch reported on April 25.

The new cryptojacking malware, dubbed Beapy, uses the leaked United States National Security Agency (NSA) hacking tools to spread throughout corporate networks, turning a large number of compromised computers into a single mining operation that generates large sums of money, the report notes.

First spotted in January 2019, Beapy has reportedly surged to over 12,000 unique infections across 732 organizations since March, with more than 80% of infections located in China.

According to the researchers, Beapy spreads through malicious emails. Once an attachment is opened, the malware drops DoublePulsar, the NSA-developed kernel backdoor, and uses the NSA's EternalBlue exploit to reach other machines over SMBv1; these are the same tools that helped spread the WannaCry ransomware in 2017, and the underlying SMB flaw has had a vendor patch (MS17-010) available since March 2017. The report also notes that Beapy uses Mimikatz, an open-source credential-dumping tool, to harvest passwords from infected computers and reuse them to move across the network, so that even fully patched hosts can be reached with stolen credentials.
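A detection sketch for the chain just described, added here as an illustration and not code from the Symantec report or the article. It consumes constructed sample records in a simplified dictionary schema standing in for Sysmon Event ID 10 (process access) and Windows Security Event ID 4624 (logon) telemetry; the field names, host-to-IP map and allowlist are assumptions, not a real SIEM schema. The logic flags a non-allowlisted process opening lsass.exe with PROCESS_VM_READ (what Mimikatz needs to read credentials), then looks for the fan-out of network logons from the same host that follows credential theft, which is the lateral-movement pattern of a worm like Beapy rather than of a single user.

```python
"""Correlate LSASS credential access with subsequent logon fan-out.

All events below are constructed samples, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

PROCESS_VM_READ = 0x0010  # access bit Mimikatz needs to read LSASS memory

# Assumption: processes that legitimately open LSASS in this environment.
LSASS_ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\msmpeng.exe",
}

# Assumed host-to-IP inventory used to tie 4624 source IPs back to hosts.
HOST_IPS = {"WS-017": "10.0.5.17", "WS-042": "10.0.5.42"}

SAMPLE_EVENTS = [
    # Unknown binary in a temp directory reading LSASS: credential dumping.
    {"ts": "2019-03-04T09:00:00", "host": "WS-017", "event": "sysmon_10",
     "source_image": r"c:\users\bob\appdata\local\temp\svchost.exe",
     "target_image": r"c:\windows\system32\lsass.exe", "granted_access": 0x1410},
    # Defender opening LSASS: allowlisted, must not alert.
    {"ts": "2019-03-04T09:00:05", "host": "WS-017", "event": "sysmon_10",
     "source_image": r"c:\windows\system32\msmpeng.exe",
     "target_image": r"c:\windows\system32\lsass.exe", "granted_access": 0x1410},
    # Task Manager querying LSASS without VM_READ: benign.
    {"ts": "2019-03-04T08:50:00", "host": "WS-042", "event": "sysmon_10",
     "source_image": r"c:\windows\system32\taskmgr.exe",
     "target_image": r"c:\windows\system32\lsass.exe", "granted_access": 0x1000},
    # Interactive logon (type 2) on the infected host: not lateral movement.
    {"ts": "2019-03-04T09:01:00", "host": "WS-017", "event": "sec_4624",
     "logon_type": 2, "account": "CORP\\bob", "src_ip": "10.0.5.17"},
    # Two ordinary file-server logons from another workstation: below threshold.
    {"ts": "2019-03-04T09:03:00", "host": "FS-01", "event": "sec_4624",
     "logon_type": 3, "account": "CORP\\alice", "src_ip": "10.0.5.42"},
    {"ts": "2019-03-04T09:04:00", "host": "FS-02", "event": "sec_4624",
     "logon_type": 3, "account": "CORP\\alice", "src_ip": "10.0.5.42"},
]
# Six network logons with a harvested service account from WS-017 in six
# minutes: the fan-out that follows credential theft.
SAMPLE_EVENTS += [
    {"ts": f"2019-03-04T09:0{2 + i}:00", "host": f"SRV-0{i + 1}", "event": "sec_4624",
     "logon_type": 3, "account": "CORP\\svc_backup", "src_ip": "10.0.5.17"}
    for i in range(6)
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def find_lsass_access(events):
    """Processes outside the allowlist that opened lsass.exe with VM_READ."""
    return [
        e for e in events
        if e["event"] == "sysmon_10"
        and e["target_image"].lower().endswith("\\lsass.exe")
        and e["granted_access"] & PROCESS_VM_READ
        and e["source_image"].lower() not in LSASS_ALLOWLIST
    ]


def find_logon_fanout(events, window=timedelta(minutes=10), min_targets=5):
    """(src_ip, account) pairs that reached >= min_targets hosts inside window."""
    by_key = defaultdict(list)
    for e in events:
        if e["event"] == "sec_4624" and e["logon_type"] == 3:
            by_key[(e["src_ip"], e["account"])].append((parse_ts(e["ts"]), e["host"]))
    findings = []
    for (src_ip, account), logons in by_key.items():
        logons.sort()
        for i, (t0, _) in enumerate(logons):  # sliding window over sorted logons
            targets = {host for t, host in logons[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                findings.append({"src_ip": src_ip, "account": account,
                                 "first_seen": t0, "targets": sorted(targets)})
                break
    return findings


def correlate(events, host_ips):
    """High-confidence alerts: LSASS access on a host, then fan-out from its IP."""
    ip_to_host = {ip: host for host, ip in host_ips.items()}
    dumps = find_lsass_access(events)
    alerts = []
    for f in find_logon_fanout(events):
        src_host = ip_to_host.get(f["src_ip"])
        prior = [d for d in dumps
                 if d["host"] == src_host and parse_ts(d["ts"]) <= f["first_seen"]]
        if prior:
            alerts.append({"host": src_host, "account": f["account"],
                           "dump_tool": prior[0]["source_image"],
                           "targets": f["targets"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS, HOST_IPS):
        print(alert)
```

The two weaker signals are kept separate on purpose: a fan-out alone also fires on vulnerability scanners and backup jobs, and a lone LSASS read also fires on some legitimate tooling, so only the ordered pair (credential access, then many type-3 logons from that host with one account) is promoted to an alert. The EternalBlue stage leaves no logon at all on unpatched targets, which is why the patch status of SMBv1 hosts still has to be checked independently of this logic.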

According to TechCrunch, cryptojacking has declined in recent months, partly because of the recent shutdown of Coinhive, a popular browser-based mining service. File-based cryptojacking such as Beapy, however, which runs a miner directly on the compromised host, is reportedly far more efficient and faster than mining in a visitor's browser, which lets the attackers make more money.

As such, in a single month, file-based mining can generate up to $750,000, compared to just $30,000 from a browser-based mining activity, Symantec researchers said.

As recently reported, crypto mining is one of the most observed objectives of hackers attacking businesses’ cloud infrastructures, with organizations of all sizes continuing to face major crypto mining attacks despite the bear market.

Recently, a federal jury convicted two Romanian cybercriminals of spreading malware to steal users' credentials and illicitly mine cryptocurrency.
