Once again, cryptocurrency malware has surfaced with a clever new scheme, this time using National Security Agency (NSA) exploits to disable security features on Windows computers. With cryptocurrencies in such high demand, it is no wonder that cyber culprits are leveraging cryptocurrency in several different forms as a platform for newly developed threats.
According to FortiGuard Labs, a new Python-based malware, identified as PyRoMine, is currently leveraging exploit kits to spread and to mine cryptocurrency. It is one of many threats that leverage the ETERNALROMANCE exploit kit to infiltrate target computers. In PyRoMine's crosshairs lie many vulnerable systems that can be attacked by a standalone executable file, which is why the hackers use a Python-based compiler to bundle the malware into a single entity. Fundamentally, a Python-based threat is a much easier way to attack vulnerable computers: PyInstaller packages a program written in Python into a standalone executable file, which may be included in a downloaded ZIP file.
Moreover, ETERNALROMANCE and ETERNALBLUE are two exploits developed by the NSA that were used to take advantage of vulnerabilities in Microsoft's Server Message Block (SMB). An exploit kit of this kind is a software package or toolkit that cyber hackers or computer programmers use to perform targeted work or deliver other software in an unconventional way. The PyRoMine malware also enables Remote Desktop Protocol (RDP) on the targeted system, which opens the target machine to further attacks. It also uses a malicious URL that hosts an executable file packaged with PyInstaller. To make the system more vulnerable and its own work easier, it uses the NSA ETERNALBLUE exploit to gain system privileges, which give the cyber culprits full control of the target system. Afterward they mine Monero cryptocurrency on the machine, using a large amount of its computing power.
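As a defender-side illustration of the PyInstaller-in-a-ZIP packaging described above (an added example, not code from FortiGuard or from this article): a triage helper that lists Windows executables inside a ZIP archive that carry PyInstaller's archive marker. The function names and the sample archive are constructed for illustration; many legitimate tools are also built with PyInstaller, so a hit is a reason to inspect a file, not a verdict.

```python
import io
import zipfile

# PyInstaller's embedded archive (CArchive) trailer begins with this 8-byte magic.
PYI_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
MAX_MEMBER = 64 * 1024 * 1024  # do not unpack members larger than 64 MiB


def find_pyinstaller_members(zip_bytes):
    """Return [(name, offset)] for PE files in the ZIP that carry the PyInstaller magic."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            with zf.open(info) as fh:
                # Bounded read as a second guard against oversized members.
                data = fh.read(MAX_MEMBER + 1)
            if len(data) > MAX_MEMBER or data[:2] != b"MZ":
                continue  # oversized, or not a Windows PE file
            offset = data.rfind(PYI_MAGIC)  # the trailer sits near the end of the file
            if offset != -1:
                hits.append((info.filename, offset))
    return hits


def build_sample_zip():
    """Constructed sample archive: harmless byte strings, no real executables."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"constructed sample")
        zf.writestr("plain.exe", b"MZ" + b"\x00" * 62)       # PE-like, no marker
        zf.writestr("notes.bin", PYI_MAGIC + b"\x00" * 16)   # marker, but not PE
        zf.writestr("bundle.exe", b"MZ" + b"\x00" * 62 + PYI_MAGIC + b"\x00" * 80)
    return buf.getvalue()


if __name__ == "__main__":
    for name, offset in find_pyinstaller_members(build_sample_zip()):
        print(f"{name}: PyInstaller marker at offset {offset}")
```
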