If you think the global panic over the WannaCry ransomware is over, think again.
On the heels of the WannaCry fiasco, which has crippled mission-critical industries such as healthcare, power and banking, reports are now emerging that another malware has gone around silently infecting hundreds of thousands of PCs globally.
The culprit, Adylkuzz, is a malware that infects devices through the same vulnerability as the currently widespread WannaCry ransomware. However, Adylkuzz is not ransomware.
Instead of encrypting files on vulnerable devices in exchange for a ransom, it silently buries itself in the background and steals computing resources or what we know as processing power to mine cryptocurrency – all without the user’s knowledge or consent.
According to McAfee, the dangers of Adylkuzz mainly lies in the nature of malware, where it lies undetected as it silently infects systems and is difficult for the layman to realise that he or she is under attack. Among the symptoms are sluggish PC and server performance and loss of access to shared Windows resources.
Usually, a single computer at home or in the office might not be powerful enough to mine cryptocurrency due to the limited computing power available.
However, by infecting hundreds of thousands of PCs around the world, the large amount of computing resources can be pooled together to mine cryptocurrency in a faster and more effective way.
Mining in this instance basically means generating more cryptocurrencies. The process requires a huge amount of processing power to solve complicated math problems required every time a transaction is made around the world.
By doing enough of the number crunching, miners get rewarded with a “commission” for the transaction, which is the prime motivation for global-scale mining.
It is interesting that Adylkuzz only mines Monero, one of the many types of cryptocurrencies in existence.
Monero might not be the most popular cryptocurrencies around as Bitcoin remains the most popular along with the likes of Etherium and NEM.
However, the choice of Monero is due to its enhanced anonymity capabilities according to McAfee Asia Pacific chief technology officer Ian Yip.
“Everyone that uses Monero has privacy automatically applied to their transactions. Bitcoin on the other hand, has a lack of privacy.”
“If a seller provides his/her bitcoin wallet address to a buyer for payment purposes, the buyer will know exactly how much the seller has in his/her Bitcoin wallet. The seller can also have insight into your entire transaction history.”
According to the company, there are no reported cases of Adylkuzz attacking computers in South-East Asia.
However, Yip warned that this does not mean that the attack has not already made its way here due to its stealthy nature and the fact that affected users, who do not have the appropriate solutions to safeguard against such attacks, may not be aware that they have already been compromised.
“We believe that some companies may have mistaken the Adylkuzz attack for WannaCry as the attacks started sometime between April 24 and May 2. Similar to WannaCry, the Adylkuzz attack makes use of the same Windows vulnerability to infect computers,” said Yip.
“Any system that has not been patched is susceptible to Adylkuzz, so we strongly urge governments and organisations to have an aggressive patching plan in place to mitigate these threats.”
While Adylkuzz might have already infected PCs around the world, McAfee noted that it’s not a new variant as the company has seen samples from as far back as October 2014, but has only seen increased usage since April this year.
“McAfee Labs conducted a comparison of the Adylkuzz code and found that the Adylkuzz virus has not evolved significantly throughout the years. As this is old malware, McAfee has long had detection for it.”
“We urge customers to follow the generic guidelines for blocking, whenever possible, the network ports used by the exploit to avoid further infections.”
Prevention is still the best cure for many forms of malware.
If you have yet to update your operating system to the latest version, or apply the patch provided by Microsoft for older Windows such as XP, Vista and Windows 2000, it’s best to do so now.