Symantec: the “Beapy” cryptojacking campaign is hitting enterprises in China, exploiting a new variant of EternalBlue
The campaign, dubbed “Beapy” and discovered by Symantec's security researchers, is cryptojacking hundreds of businesses in China and exploits a new variant of EternalBlue. The malware is a worm carrying a coinminer; it uses email as its initial infection vector and enterprises are its primary targets. A malicious Excel document arrives as an email attachment. If the recipient opens it, the DoublePulsar backdoor is downloaded onto the machine. DoublePulsar, like EternalBlue, was leaked in the Shadow Brokers dump and was also used in the destructive WannaCry ransomware attack of 2017; it opens a backdoor on the infected host and allows remote code execution on it. Once DoublePulsar is installed, a PowerShell command is executed and the host contacts the Beapy command and control (C&C) server, after which the coinminer is downloaded onto the machine.
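The infection chain above (Office attachment opened, PowerShell launched, C&C contacted) is the kind of sequence endpoint telemetry can catch before the miner lands. The following is an added example, not code from Symantec's report or from the Beapy campaign: it correlates Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) records, flagging a script host spawned by an Office application and escalating when that same process opens an outbound connection. The events, the PID values, the command line and the destination address are all constructed for illustration; the rule assumes the malicious document launches PowerShell as a child of Excel, which is the generic pattern for a weaponised Office file rather than a detail the article confirms for Beapy.

```python
import json

# Process names used as first-stage indicators. Office apps as parents,
# script/command hosts as children.
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED_FLAGS = ("-enc", "-e ")  # PowerShell -EncodedCommand and its short form

# Constructed Sysmon-style events (NOT real Beapy telemetry). The -Enc payload is
# simply UTF-16LE "IEX (New-Object" base64-encoded, built for this example.
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS_JSONL = "\n".join(json.dumps(e) for e in [
    {"EventID": 1, "ProcessId": 4120, "Image": OFFICE,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{OFFICE}" C:\\Users\\bob\\Downloads\\invoice.xlsx'},
    {"EventID": 1, "ProcessId": 5204, "Image": PS, "ParentImage": OFFICE,
     "CommandLine": "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"EventID": 1, "ProcessId": 6010, "Image": PS,  # benign: admin shell from Explorer
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "powershell.exe Get-ChildItem"},
    {"EventID": 3, "ProcessId": 5204, "Image": PS,
     "DestinationIp": "198.51.100.23", "DestinationPort": 443},
])


def basename(path):
    """Lower-cased file name of a Windows path, tolerant of forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(events):
    """Return a list of alerts built from Sysmon-like event dicts.

    Stage 1 (office_spawn): a script host whose parent is an Office app.
    Stage 2 (office_spawn_network): that same process later makes an
    outbound connection, matching the 'PowerShell runs, then contacts the
    C&C' sequence. Processes are keyed on ProcessGuid when present, since
    PIDs are reused; the constructed sample only carries ProcessId.
    """
    suspicious = {}
    alerts = []
    for ev in events:
        key = ev.get("ProcessGuid", ev.get("ProcessId"))
        if ev.get("EventID") == 1:
            parent, image = basename(ev.get("ParentImage", "")), basename(ev.get("Image", ""))
            if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
                cmd = ev.get("CommandLine", "").lower()
                alert = {
                    "stage": "office_spawn",
                    "pid": ev.get("ProcessId"),
                    "parent": parent,
                    "image": image,
                    "encoded_command": any(flag in cmd for flag in ENCODED_FLAGS),
                    "remote": None,
                }
                suspicious[key] = alert
                alerts.append(alert)
        elif ev.get("EventID") == 3 and key in suspicious:
            alert = suspicious[key]
            alert["stage"] = "office_spawn_network"
            alert["remote"] = f'{ev.get("DestinationIp")}:{ev.get("DestinationPort")}'
    return alerts


def analyse_jsonl(text):
    """Parse one JSON event per line and run the correlation."""
    return analyse([json.loads(line) for line in text.splitlines() if line.strip()])


if __name__ == "__main__":
    for a in analyse_jsonl(SAMPLE_EVENTS_JSONL):
        print(a)
```

Run stand-alone, the script reports a single alert for PID 5204 at stage office_spawn_network with an encoded command line and the remote 198.51.100.23:443, while the PowerShell session launched from Explorer produces nothing. In production the same rule belongs in the EDR or SIEM, keyed on ProcessGuid and enriched with the destination's reputation, so that an analyst can block the C&C address before the miner is fetched.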
The security researchers: Beapy is a file-based coinminer, and file-based mining is gaining ground among cybercriminals because it generates cryptocurrency faster
According to Symantec, the potential impact of Beapy on an enterprise includes slower devices, leading to employee frustration and lost productivity; overheating batteries; devices degrading to the point of becoming unusable, which raises IT costs; higher electricity bills; and, for businesses running in the cloud and billed by CPU usage, higher cloud bills. Because the cryptojacking malware is file-based, it can mine cryptocurrency faster than a browser-based miner: Symantec estimates an average profit per machine of $0.25 against $0.01 for a browser-based miner, assuming a botnet of 100,000 machines mining for 30 days in both cases. Two factors are driving the shift to file-based mining. Browser-based mining has declined since Coinhive shut down, and Monero, the cryptocurrency most commonly mined in cryptojacking attacks, lost 90 percent of its value in 2018, so criminals need to mine faster to stay profitable.