Security News Adylkuzz, the new virus that follows in WannaCry’s footsteps

spaceoctopus

spaceoctopus

Level 16
Thread author
Verified
Top Poster
Content Creator
Well-known
Jul 13, 2014
766
Adylkuzz, the malware that steals virtual money from thousands of computers
All investigations seem to indicate that WannaCry, the global attack that shocked the world last week, was just the tip of the iceberg in terms of cyber-security threats. The new cyber-attack currently underway, called Adylkuzz, is potentially much more dangerous than its predecessor, as it is designed to steal virtual money from computers without users’ knowledge.

Instead of locking computer files and demanding a ransom for them, just like WannaCry did, this new malware has infected thousands of computers silently, turning them into zombies in the hands of cyber-crooks. Adylkuzz is a botnet that creates a network of compromised computers it can remotely control, and worse still, it has been active since April 24.
 
  • Like
Reactions: silversurfer, Fritz, Parsh and 6 others
GonzitoVir

GonzitoVir

Level 5
Verified
Well-known
May 16, 2017
200
Active since April 24 but haven't made it in the news until now, probably because it's not as immediately catastrophic as Wannacry.
They say Adylkuzz follows Wannacry steps, but differ in the way they operate and their goals.
Thank you for the share spaceoctopus!
 
  • Like
Reactions: spaceoctopus
Fritz

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
Well I'm not worried about the virtual money since I got as much of that as in cold, hard cash. :D

The botnet part is bad of course. Has anyone thrown that boy against an AV yet?
 
  • Like
Reactions: spaceoctopus
GonzitoVir

GonzitoVir

Level 5
Verified
Well-known
May 16, 2017
200
The large-scale attack, said to have easily infected more endpoints that WannaCry, predates the widely publicized ransomware threat by more than a week. Bitdefender confirmed the findings of security firm Proofpoint today, showing that Adylkuzz:

- uses the same EternalBlue exploit as WannaCry (alongside the NSA backdoor called DoublePulsar)
- packs a Trojan horse containing a Monero (electronic currency similar to Bitcoin) mining tool
- blocks Microsoft Server Message Block (SMB) on TCP port 445 ensuring persistency on the victim’s computer

Here’s the irony, though: because it exploits the same vulnerability as the WannaCry ransomware, and because it blocks the vulnerable 445 port, Adylkuzz is actually helping reduce the number of WannaCry infections out there.

Source: As WannaCry Makes Headlines, Stealthier Adylkuzz Cryptocurrency...
 
  • Like
Reactions: shmu26, Andy Ful, Weebarra and 2 others
tryfon

tryfon

Level 2
Verified
May 13, 2017
76
We should keep seeing more and more malware samples utilizing these exploits in the future
 
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Malware News The Week in Ransomware - April 19th 2024 - Attacks Ramp Up
Replies
0
Views
1,715
Security News
Gandalf_The_Grey
Gandalf_The_Grey
oldschool
    • +Reputation
    • Like
    • Thanks
Security News Why it’s time to take warnings about using public Wi-Fi, in places like airports, seriously
Replies
3
Views
1,530
Security News
bazang
bazang
Gandalf_The_Grey
    • Like
    • +Reputation
The Week in Ransomware - May 19th 2023 - A Shifting Landscape
Replies
0
Views
1,271
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top