EternalBlue Exploit Serves Beapy Cryptojacking Campaign

LASER_oneXM

A cryptojacking campaign uses NSA's leaked DoublePulsar backdoor and the EternalBlue exploit to spread a file-based cryptocurrency malware on enterprise networks in China.
Dubbed Beapy by researchers at Symantec, the campaign was reported by other security companies before. Qihoo 360's research team published details about it and a Trend Micro report followed in mid-April.

However, information from Symantec adds details about the type of victims and the attacker's motivation to use a file-based coinminer instead of the easier-to-deploy browser-based alternative.

Focus on enterprise

The researchers saw the first signs of Beapy in January and said that it "is most heavily affecting enterprises in Asia, with more than 80 percent of its victims located in China, with other victims in South Korea, Japan, and Vietnam."

Almost all of its activity focuses on enterprise environments, this sector recording a 98% infection rate.