MassMiner malware is a new crypto-currency mining infection, and security researchers learned of its existence at the beginning of May, 2018. We have discussed many crypto-currency related scams and cyber attacks. One of the more interesting articles investigated the possibility of crypto-mining malware slowly replacing ransomware. Besides this new crypto-malware dubbed MassMiner, we have also analyzed comparable variants like JSMiner and Soft Cores Miner.
MassMiner malware is described as a worm that targets servers. It is an exceptional malware infection, capable of spreading via multiple distribution channels. Researchers from AlienVault also pointed out that the malware brute-forces access to Microsoft SQL. At first, the MassMiner worm will attempt to spread over the local network, but it will also try to distribute itself across the wider Internet.
MassMiner worm mines Monero crypto-currency and installs Gh0st backdoor
Researchers are warning the online community that there are multiple versions of MassMiner malware. Therefore, specialists are referring to it as a new malware family that exploits sophisticated techniques to turn servers into crypto-mining slaves. Similarly to the WannaMine and WannaCry infections, MassMiner takes advantage of the old EternalBlue vulnerability found in the Windows SMB service. Furthermore, the MassMiner malware family uses techniques similar to those exploited in the hacks against Equifax and multiple other organizations. Lastly, a highly hazardous bug in Oracle’s WebLogic is also exploited to spread the MassMiner infection.
MassMiner malware is considered a huge risk for people who own vulnerable servers. Since companies lack the human resources and funds to properly take care of all potential dangers and bugs, in most cases, researchers are more inclined to focus on Internet-connected services first. However, if there ever was a time when patching vulnerabilities was essential, it is now. Do not leave your company open to a cyber attack, because we doubt that crypto-mining malware and other types of infections will halt their activities. As long as people remain ignorant and don’t treat cyber security as one of their priorities, similar incidents will continue to haunt them.
Just like any other mining-malware, MassMiner worm will also mine crypto-currencies. For this objective, the malware will greedily exploit computer resources. It is specified that Monero crypto-currency is the one this malware family mines. However, MassMiner malware has two goals. The first one is the crypto-mining process, and the second one is the installation of a Gh0st backdoor program.
Researchers were able to find crypto-currency wallets of people who are very likely to be the creators of MassMiner malware family. In their wallet, the specialists discovered over a thousand Monero coins, but it is possible that not all of them came from the MassMiner malware. In addition to this, it has been stated that the new malware could be related to Smominru botnet. In one of our articles, we reviewed the Smominru botnet and its activity. The people behind this botnet managed to make more than 3 million dollars from illegal crypto-mining.
Ways to prevent crypto-miners like MassMiner malware from entering your devices
If you do not want unknown sources to “borrow” your computer resources, we have a couple of tips that will help you protect yourself from crypto-mining malware. First of all, it is important that you regularly update your software and patch vulnerabilities. If you do not, your operating system is left exposed to malicious attacks, such as MassMiner malware.
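Alongside patching, the Microsoft SQL brute-forcing mentioned above can be watched for in the SQL Server error log. The following is an added example, not code from the original article or from AlienVault; the log lines are constructed samples in the error log's failed-login style, and the threshold and window values are assumptions to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(ts, user, client):
    """Build one constructed sample line in the SQL Server ERRORLOG style."""
    return (f"{ts}.10 Logon       Login failed for user '{user}'. Reason: Password did "
            f"not match that for the login provided. [CLIENT: {client}]")

# Constructed sample data (documentation IP ranges), not real log content.
SAMPLE_LOG = "\n".join(
    [_line(f"2018-05-03 02:14:{s:02d}", "sa", "192.0.2.44") for s in range(1, 13, 2)]  # 6 in 10 s
    + [_line(f"2018-05-03 {h:02d}:00:00", "sa", "203.0.113.9") for h in range(8, 13)]  # 5 over 4 h
    + [_line("2018-05-03 09:00:12", "report_user", "198.51.100.7"),
       "2018-05-03 09:00:12.10 Logon       Error: 18456, Severity: 14, State: 8."]
)

FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]"
)

def parse_failures(log_text):
    """Yield (timestamp, user, client) for every failed-login line; skip the rest."""
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["client"]

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {client: peak failures inside any sliding window} for clients at or above threshold."""
    by_client = defaultdict(list)
    for ts, _user, client in parse_failures(log_text):
        by_client[client].append(ts)
    flagged = {}
    for client, times in by_client.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop failures older than the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[client] = peak
    return flagged

if __name__ == "__main__":
    for client, peak in find_bruteforce(SAMPLE_LOG).items():
        print(f"possible brute force from {client}: {peak} failed logins within 60 s")
```

The second sample client has as many failures as the threshold but spread over hours, so only the burst from the first client is reported.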