New Crypto-Mining Malware Targeting Asian Firms With NSA Tools

A new form of malware discovered by Symantec is targeting enterprises using leaked NSA tools to infect networks and mine monero.

Apr 26, 2019 at 10:00 a.m. UTC
Updated Sep 13, 2021 at 9:06 a.m. UTC

A new form of malware is targeting enterprises in Asia to mine monero (XMR) cryptocurrency.

Cybersecurity software provider Symantec published the news in a blog post Wednesday, saying that over 80 percent of victims are located in China, with nations such as South Korea, Japan and Vietnam also seeing activity.

Dubbed "Beapy," the malicious code is a file-based cryptominer rather than a browser-based one, the firm said. It arrives as a malicious Excel file attached to an email; if the recipient opens the file, it downloads the DoublePulsar backdoor onto the victim's system.

DoublePulsar, which was developed by the U.S. National Security Agency before it was stolen and released to the public in 2017, was also used in the WannaCry ransomware attack that same year, according to the post.

Once DoublePulsar is installed on a victim's machine, the miner is downloaded. At the same time, Beapy uses another leaked NSA tool, EternalBlue, to spread across the infected network to unpatched computers; it also steals credentials, which it uses to reach machines that have already been patched.

Cryptojacking malware can have a major impact on enterprises, Symantec said, including slowing down device performance, reducing employee productivity and increasing costs.

Although cryptojacking activity has fallen by about 52 percent over the past year, it remains an area of interest for hackers, who largely target businesses.

Symantec said:

“Looking at the overall figures for cryptojacking, we can see that there were just under 3 million cryptojacking attempts in March 2019. While a big drop from the peak of February 2018, when there were 8 million cryptojacking attempts, it is still a significant figure.”

The firm said it first noticed Beapy in January of this year, but activity has increased since early March.

Monero's privacy features make it by far the most popular cryptocurrency among hackers deploying mining malware. A recent academic study estimated that cybercriminals have mined around 5 percent of the total monero in circulation.

Earlier this year, researchers at cybersecurity firm Palo Alto Networks discovered a form of malware that takes administrative control of a system, first uninstalling cloud security products and then injecting code to mine monero. The same team also discovered another variant that steals browser cookies and other information from Apple Mac computers in order to steal cryptocurrency directly.
