A year on from the vulnerabilities being leaked, attackers are still using leaked NSA tools to power new attacks - this time with the newly uncovered PyRoMine.
A new form of cryptocurrency mining malware uses a leaked NSA exploit to spread itself to vulnerable Windows machines, while also disabling security software and leaving the infected computer open to future attacks.
The Python-based malicious Monero miner has been uncovered by researchers at security company Fortinet, who've dubbed it PyRoMine. It first appeared this month and spreads using EternalRomance, a leaked NSA exploit which takes advantage of what until a year ago had been an undisclosed SMB vulnerability to self-propagate through networks.
EternalRomance helped spread BadRabbit ransomware and is similar in many ways to EternalBlue, a second leaked NSA exploit which helped fuel WannaCry and NotPetya. Both exploits look for public-facing SMB ports, allowing them to deliver malware to networks.