WannaCry, the hacking attack that took thousands of computers’ data for ransom over the last week, hasn’t apparently been very lucrative for its makers so far. But another, apparently larger and smarter hacking attack that uses the same exploits, is silently using vulnerable machines across the globe for profit.
This is according to a report by security company Proofpoint, which has discovered the “very large-scale” attack that, instead of encrypting user data and asking for ransom, silently installs a cryptocurrency miner on the victims’ computers.
The attack, Proofpoint claims, uses EternalBlue and DoublePulsar exploits, both of which come from a recently released cache of NSA’s hacking tools. The exploits install a program called Adylkuzz, which mines the Monero cryptocurrency and sends it to its owners. At the time of this writing, one Monero is worth $28.44.
The process of mining uses the computer’s resources — its processor and/or graphics card — to perform complex computations, which in turns “creates” new Monero coins. Running such an operation on one computer wouldn’t result in much financial gain, but with thousands of computers working on the same goal, it can be very lucrative.