Adylkuzz malware has been in the wild longer than WannaCry, but with more stealth: it stays undetected while quietly mining digital cash on the machines it infects.
Naked Security reports:
Weeks before the WannaCry ransomware worm tore up the internet by exploiting a leaked NSA exploit, another strain of malware was already doing it. That malware, Adylkuzz, is a cryptocurrency miner that, like WannaCry, has likely infected hundreds of thousands of computers across the globe.
Though the WannaCry rampage didn’t happen until May 12, the hacking group known as Shadow Brokers leaked NSA exploit tools a month before. SophosLabs and others have concluded that WannaCry spread with the help of the NSA’s EternalBlue Exploit (CC-1353). The exploit targets a Windows vulnerability Microsoft released a patch for in March. That flaw was in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin.
Adylkuzz has used that and another exploit divulged in the Shadow Brokers leak called DoublePulsar. Fortunately, SophosLabs has been detecting and blocking it from harming customer computers.
Researchers at Proofpoint said the Adylkuzz attack is designed to generate digital cash. It wasn’t previously discovered because, unlike WannaCry, it allows computers to operate while creating the digital cash in the background.
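Both WannaCry and Adylkuzz reach a host through the SMB flaw that MS17-010 closes, so the practical check is whether a Windows machine still exposes it. The script below is an added example, not code from the Naked Security article or from any vendor tool: it reports whether the SMBv1 server component is enabled and whether one of the MS17-010 updates is present. The KB numbers in the list are the ones commonly cited for that bulletin and are an assumption here; verify them against the bulletin for your OS build before relying on the result.

```powershell
# Added example (not from the article or any vendor): checks a Windows host
# for the two conditions behind EternalBlue-style SMB attacks, namely SMBv1
# still enabled and no MS17-010 update installed. The KB list is an assumption
# taken from commonly published MS17-010 identifiers; confirm it for your build.

$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',              # Windows 7 / Server 2008 R2 (security-only / rollup)
    'KB4012213', 'KB4012216',              # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',              # Server 2012
    'KB4012598',                           # Windows XP / Server 2003 / Vista / Server 2008
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607
)

function Test-Ms17010Exposure {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        Smb1Enabled    = $null
        Ms17010KbFound = @()
        Exposed        = $false
    }

    # 1. Is the SMBv1 server component on? The cmdlet exists on Windows 8 / 2012 and later.
    try {
        $cfg = Get-SmbServerConfiguration -ErrorAction Stop
        $result.Smb1Enabled = [bool]$cfg.EnableSMB1Protocol
    } catch {
        # Older hosts: read the registry value the LanmanServer service honours.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        # An absent value means SMBv1 is enabled by default on those builds.
        $result.Smb1Enabled = ($null -eq $val) -or ($val -ne 0)
    }

    # 2. Is any MS17-010 KB installed? Get-HotFix lists installed updates by HotFixID.
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    $result.Ms17010KbFound = @($Ms17010Kbs | Where-Object { $installed -contains $_ })

    # Caveat: later cumulative updates supersede these KBs without listing them,
    # so "no KB found" on a fully patched Windows 10 host can be a false positive.
    # The SMBv1 state is the more reliable signal on modern builds.
    $result.Exposed = $result.Smb1Enabled -and ($result.Ms17010KbFound.Count -eq 0)
    return [pscustomobject]$result
}

$r = Test-Ms17010Exposure
$r | Format-List

if ($r.Smb1Enabled) {
    Write-Warning "SMBv1 is enabled; disable it from an elevated prompt:"
    Write-Host  "  Set-SmbServerConfiguration -EnableSMB1Protocol `$false -Force"
    Write-Host  "  Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol"
}
```

Run it from an elevated PowerShell session so Get-HotFix and the SMB configuration cmdlets can read the host state. Treat "SMBv1 enabled" as the finding that matters: the KB check only confirms the original March update on hosts that have not received later cumulative updates, whereas turning SMBv1 off removes the attack surface regardless of patch level.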