IT security company ESET recently released a report detailing a piece of malware that targeted unpatched systems to install a Monero miner on unsuspecting users’ computers. The report explains that the hackers behind this malware exploited a vulnerability in Microsoft IIS 6.0 servers, known as CVE-2017-7269, to install the miner. Once installed, the miner used the infected computer’s resources to mine the cryptocurrency Monero. The crooks managed to make $63,000 in just a couple of months this way.
“To achieve this, attackers modified legitimate open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to covertly install the miner on unpatched servers. Over the course of three months, the crooks behind the campaign have created a botnet of several hundred infected servers and made over USD 63,000 worth of Monero,” ESET’s Peter Kalnai and Michal Poslusny explain in their report.
How systems got infected
The vulnerability used to install the miner has been known since March 2017 and, according to ESET, is highly susceptible to exploitation. Because the vulnerability is located in the web server service, it can be easily reached and exploited by anyone. The cyber criminals would search for vulnerable systems and insert the exploit code, which would then download the Monero miner.
ESET researchers note that the crooks only modified legitimate open source Monero mining software and used a known exploit to infect servers.
“Both the exploit and the crypto miner payload were slightly modified versions of publicly available source code, and all it took was minimal knowledge and few internet searches,” Michal Poslusny told BleepingComputer.
Cryptocurrency miners are fairly easy to notice because they severely affect your system. Your computer will run much slower than usual, and programs will take longer to launch and will crash constantly. If you check your CPU usage, you will notice particularly high numbers. The miner is essentially using your computer’s resources to make money. This is particularly unhealthy for your CPU: the constantly high temperature could shorten its lifespan significantly.
The update that patches this vulnerability has been available since June, and if you have yet to install it, do it now. You may also want to pay closer attention to the updates Microsoft provides, because this is certainly not the last time cyber criminals will take advantage of vulnerable systems to make money.