CrazyCoin is a virus that researchers recently discovered. It spreads through the EternalBlue exploit kit and combines several capabilities.
According to researchers, CrazyCoin incorporates dangerous mining, hacking and “backdoor” modules. After it reaches a user’s machine and infects it, the virus downloads mining and data-stealing modules. Then it plants the Double Pulsar backdoor program. The modules can then cooperate with one another while each carries out its own activity.
After they found the virus, the 360 Baize Labs researchers said that its script was very dangerous. “The powershell script is responsible for downloading various modules to the victim’s machine for execution,” they said. They added that the attackers use the virus’s mining module to mine Monero and HNS coins.
It steals sensitive documents
Moreover, the virus’s stealing module takes sensitive documents from victims’ computers, including passwords, bitcoin wallets and ID cards. It then sends the stolen information back to a server that the attackers control.
Researchers warn users about a few important things that CrazyCoin does. One of them is that it uses EternalBlue to spread across systems. This exploit kit abuses a vulnerability in Server Message Block version 1 (SMBv1), so one of the most important defenses is to keep the security patches for it up to date.
The vulnerability exists because the SMBv1 server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers. This allows them to execute arbitrary code on the targeted computer.
Researchers also say that the new virus listens for and receives commands on port 3611.
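The two host conditions described above, an enabled SMBv1 server and a listener on TCP port 3611, can be checked with the PowerShell function below. It is an added example, not code from the researchers or from the original article; the function name Test-CrazyCoinExposure and its output fields are hypothetical. It assumes Windows 8 / Server 2012 or later and an elevated prompt.

```powershell
# Added example: host triage for the two conditions the article names.
# Test-CrazyCoinExposure and its output fields are hypothetical names.
function Test-CrazyCoinExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 3611   # command port reported in the article
    )

    # State of the SMBv1 server component, the protocol EternalBlue abuses.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Any TCP listener on the reported port, resolved to its owning process.
    # Get-NetTCPConnection raises a non-terminating error when nothing matches.
    $listeners = @(
        Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue |
            ForEach-Object {
                $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    LocalAddress = $_.LocalAddress
                    LocalPort    = $_.LocalPort
                    ProcessId    = $_.OwningProcess
                    ProcessName  = $proc.Name
                    Path         = $proc.Path   # may be empty for protected processes
                }
            }
    )

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Smb1Enabled   = $smb1
        PortListeners = $listeners
        NeedsReview   = ($smb1 -or $listeners.Count -gt 0)
    }
}

$result = Test-CrazyCoinExposure
$result | Format-List ComputerName, Smb1Enabled, NeedsReview
$result.PortListeners | Format-Table -AutoSize

# Remediation for the SMBv1 finding (install the Windows security updates as well):
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
```

A listener on port 3611 is a reason to inspect the owning process and its path, not proof of infection, since other software can use the same port.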
During this period, attackers seem to be more prepared to exploit any weaknesses in systems. At the same time, researchers try to discover these threats and find solutions for them immediately. And they tend to focus on cryptocurrencies more than they did before.