EternalBlue Exploit Serves Beapy Cryptojacking Campaign

LASER_oneXM

A cryptojacking campaign uses NSA's leaked DoublePulsar backdoor and the EternalBlue exploit to spread a file-based cryptocurrency malware on enterprise networks in China.
Dubbed Beapy by researchers at Symantec, the campaign was reported by other security companies before. Qihoo 360's research team published details about it and a Trend Micro report followed in mid-April.

However, information from Symantec adds details about the type of victims and the attackers' motivation to use a file-based coinminer instead of the easier-to-deploy browser-based alternative.

Focus on enterprise

The researchers saw the first signs of Beapy in January and found that it "is most heavily affecting enterprises in Asia, with more than 80 percent of its victims located in China, with other victims in South Korea, Japan, and Vietnam."

Almost all of its activity focuses on enterprise environments, this sector recording a 98% infection rate.
 
