What is Adylkuzz?
It is a cryptocurrency miner that exploits the same vulnerability WannaCry exploited. Unlike WannaCry, it does not lock the system and demand a ransom; the system stays usable. Instead, it quietly uses the system's processing power to mine the cryptocurrency Monero.
What is Monero?
Like Bitcoin, Monero is a cryptocurrency. It is open source and designed to be private and untraceable. It uses the CryptoNote protocol and differs significantly from Bitcoin in the algorithms it uses to obscure transaction details on the blockchain. Mining a new Monero coin requires a large amount of computation (CPU and/or GPU time), which is exactly what the miner steals from infected machines.
How does Adylkuzz work?
- It uses the same EternalBlue exploit and DoublePulsar backdoor that WannaCry used, but delivers a different payload
- Once a machine is exploited, the trojan installs a cryptocurrency miner on it
- It blocks port 445 and stops SMB (shared services such as file and printer sharing)
- The attacker uses the system's processing power to mine new Monero coins
- It hides from monitoring tools such as Task Manager and the Microsoft Management Console, so it does not show up as a visible process
- A side effect of blocking SMB is that the infected system is shielded from other malware that spreads through the same vulnerability
This means that a system already infected by Adylkuzz cannot be reached by WannaCry's SMB-based spreading.
How to detect it?
- It is hard to detect because it does not immediately stop the user from using the system
- Over time the user will notice the system becoming slow, with sustained high CPU usage that no visible process accounts for
- Server response times degrade over time
- The user loses access to shared resources (network shares and shared printers), because the malware has blocked port 445
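The two host-side indicators above (SMB being cut off, and a process that never stops eating CPU) can be turned into a simple triage rule. The following is an added example, not code from the original page or from any published Adylkuzz analysis: the event format is an assumed EDR-like shape, the sample records are constructed, and the command lines in them illustrate the behaviour described above (blocking TCP 445 and stopping the Server service, which runs file and printer sharing), not the malware's actual commands.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (NOT real captures) in an assumed EDR-like shape.
# Two record kinds are used:
#   process_create : an image launched with a given command line
#   cpu_sample     : periodic per-process CPU percentage ("t" is the sample index)
SAMPLE_EVENTS = [
    {"type": "process_create", "host": "ws01",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall firewall add rule name=svc dir=in "
                "action=block protocol=TCP localport=445"},
    {"type": "process_create", "host": "ws01",
     "image": r"C:\Windows\System32\sc.exe",
     "cmdline": "sc stop lanmanserver"},
    # A benign firewall change on another host: it allows, it does not block.
    {"type": "process_create", "host": "ws02",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall firewall add rule name=rdp dir=in "
                "action=allow protocol=TCP localport=3389"},
]
# Six consecutive samples of an unfamiliar binary pegging the CPU on ws01 ...
SAMPLE_EVENTS += [
    {"type": "cpu_sample", "host": "ws01", "image": r"C:\Users\Public\svc.exe",
     "cpu_pct": p, "t": t}
    for t, p in enumerate([96, 98, 97, 99, 95, 98])
]
# ... versus a short, legitimate render burst on ws02 that dies down.
SAMPLE_EVENTS += [
    {"type": "cpu_sample", "host": "ws02",
     "image": r"C:\Program Files\Blender\blender.exe", "cpu_pct": p, "t": t}
    for t, p in enumerate([99, 97, 12, 3, 2, 1])
]

# Indicator 1: a command that cuts the host off from SMB. Matches a Windows
# Firewall rule that blocks TCP 445 (in any argument order, including port
# lists such as "139,445") or stopping the Server service (lanmanserver),
# which is what file and printer sharing runs on.
_FW_BLOCK = re.compile(
    r"netsh\s+advfirewall\s+firewall\s+add\s+rule\b.*\baction=block\b", re.I)
_PORT_445 = re.compile(r"\b(?:local|remote)?port=(?:[\d,-]*,)?445\b", re.I)
_SC_STOP_SRV = re.compile(r"\bsc(?:\.exe)?\s+stop\s+lanmanserver\b", re.I)


def is_smb_block_command(cmdline: str) -> bool:
    """True if the command line disables SMB reachability on the host."""
    if _FW_BLOCK.search(cmdline) and _PORT_445.search(cmdline):
        return True
    return bool(_SC_STOP_SRV.search(cmdline))


# Indicator 2: sustained, not momentary, CPU consumption. A build or a render
# spikes and then drops; a miner never stops.
def sustained_cpu_hogs(events, threshold=90, min_samples=5):
    """Return (host, image) pairs that stayed at or above `threshold` % CPU
    for at least `min_samples` consecutive samples."""
    by_proc = defaultdict(list)
    for ev in events:
        if ev["type"] == "cpu_sample":
            by_proc[(ev["host"], ev["image"])].append((ev["t"], ev["cpu_pct"]))
    hogs = []
    for key, samples in by_proc.items():
        run = best = 0
        for _, pct in sorted(samples):
            run = run + 1 if pct >= threshold else 0
            best = max(best, run)
        if best >= min_samples:
            hogs.append(key)
    return hogs


def triage(events):
    """Map host -> list of findings. A host with no indicators is absent."""
    findings = defaultdict(list)
    for ev in events:
        if ev["type"] == "process_create" and is_smb_block_command(ev["cmdline"]):
            findings[ev["host"]].append(f"SMB cut off: {ev['cmdline']}")
    for host, image in sustained_cpu_hogs(events):
        findings[host].append(f"sustained CPU hog: {image}")
    return dict(findings)


if __name__ == "__main__":
    for host, items in sorted(triage(SAMPLE_EVENTS).items()):
        print(host)
        for item in items:
            print("  -", item)
```

One caveat when using the CPU indicator: the text above notes that the miner hides from Task Manager and similar tools, so on-host per-process samples may simply not contain it. In that case the evidence is the gap between the machine's total CPU load and the sum of the visible processes, or load measured from outside the guest (hypervisor or hardware counters); the SMB-blocking indicator does not depend on the process being visible.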
What is its impact?
- Unlike WannaCry ransomware, it is a silent threat designed to remain undetected
- It is believed to have been active since at least 24 April 2017 and to have infected more than 200,000 computers
- It is estimated to have raked in more than $1 million, far more than WannaCry ransomware in terms of monetary gain for the attackers
- Because it is silent, most people are still unaware of it and it continues to infect more computers
How to fix it?
- Apply the latest Windows security updates; the MS17-010 update closes the SMB vulnerability that EternalBlue exploits
- Up-to-date anti-virus software should detect and remove this malware; after cleanup, check that SMB access the malware blocked has been restored
How to prevent it?
- Keep all your software up to date, Windows security updates in particular
- Install reputable anti-virus software and keep it up to date
- Do not expose SMB (port 445) to the internet
- Follow safe-browsing best practices on the web
- Follow best practices for instant messaging
- Follow best practices for e-mail