A new malware-powered attack kit that stitches up two Trojans and a coinminer to mine for data and Monero was observed while scanning for vulnerable machines from China, Taiwan, Italy, and Hong Kong, and spreading itself over the Internet and local area networks.
Trend Micro's Don Ovid Ladores, Michael Jhon Ofiaza, and Gilbert Sison detected the attack kit while it was dropping what looked like random files in the Windows folder of computers who had the 445 port open and ready to be compromised with an SMB exploit targeting the
Windows MS17-010 Server Vulnerability already patched back in 2017.
The multi-stage infection process uses what Trend Micro calls Trojan.Win32.INFOSTEAL.ADS to gain an initial foothold after successfully exploiting its victims, a malware strain which will connect to a command-and-control (C&C) server to send its masters info about the infected host and to grab the next malware payloads.