Published: Tue, November 05, 2019
Electronics | By Kelly Massey

Hackers Infect PCs With Cryptocurrency Miners Using BlueKeep Remote Desktop Security Flaw

The exploit is being used to install cryptocurrency miners, which run in the background and hog the resources of victims' systems.

Believed to have been first reported by cyber-security researcher Kevin Beaumont, the BlueKeep campaign has apparently been running for at least the past two weeks. Microsoft's advisory said that in order to exploit the vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. That is what is happening here: the attackers scan for Windows systems with RDP ports left exposed to the internet, deploy the BlueKeep Metasploit exploit against them, and then drop a cryptocurrency miner. Hutchins noted that the attack likely used a predefined list of vulnerable machines.
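The scanning step described above, seen from the defender's side, as an added example that is not code from the article or from any of the researchers it quotes: a small Python probe that sends the same X.224 Connection Request an RDP client would send, asks for standard RDP security only, and classifies the server's Connection Confirm. A host that accepts standard RDP security, or that is too old to negotiate at all (XP, Server 2003), exposes the pre-authentication path a BlueKeep exploit travels; a host that insists on CredSSP has Network Level Authentication (NLA) enforced, which Microsoft's advisory lists as a mitigation because an attacker then needs valid credentials before reaching the flaw. Packet layouts follow MS-RDPBCGR; the sample responses in the block and the host name in the usage note are constructed, not captured.

```python
"""Probe an RDP listener's negotiation response to learn whether it enforces NLA
or still accepts standard RDP security (the pre-auth path BlueKeep needs).

Added example; not code from the article or its sources. Layouts follow
MS-RDPBCGR (X.224 Connection Request/Confirm with RDP_NEG_REQ/RSP/FAILURE).
"""
import socket
import struct
import sys

# requestedProtocols / selectedProtocol flags
PROTOCOL_RDP = 0x00000000     # standard RDP security: no authentication gate
PROTOCOL_SSL = 0x00000001     # TLS
PROTOCOL_HYBRID = 0x00000002  # CredSSP, i.e. NLA

TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03

FAILURE_CODES = {
    0x01: "SSL_REQUIRED_BY_SERVER",
    0x02: "SSL_NOT_ALLOWED_BY_SERVER",
    0x03: "SSL_CERT_NOT_ON_SERVER",
    0x04: "INCONSISTENT_FLAGS",
    0x05: "HYBRID_REQUIRED_BY_SERVER",
    0x06: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols: int = PROTOCOL_RDP) -> bytes:
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ.

    Requesting PROTOCOL_RDP only forces the server to say whether it will fall
    back to standard RDP security or insist on TLS / NLA.
    """
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 CR TPDU: LI, code 0xE0 (CR), DST-REF, SRC-REF, class 0, then neg data
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data: bytes) -> dict:
    """Decode the server's X.224 Connection Confirm and classify its posture."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT-framed X.224 Connection Confirm")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length does not match bytes received")
    if data[5] & 0xF0 != 0xD0:
        raise ValueError("X.224 TPDU code 0x%02x is not Connection Confirm" % data[5])
    neg = data[11:]  # bytes after LI + 6-byte fixed CC header
    if not neg:
        # Pre-Vista servers never send negotiation data: standard RDP security only.
        return {"type": None, "value": None,
                "verdict": "legacy server, standard RDP security only: NLA not possible"}
    if len(neg) < 8:
        raise ValueError("truncated RDP negotiation structure")
    ntype, _flags, length, value = struct.unpack("<BBHI", neg[:8])
    if length != 8:
        raise ValueError("unexpected negotiation structure length %d" % length)
    if ntype == TYPE_RDP_NEG_RSP:
        if value == PROTOCOL_RDP:
            verdict = "server accepted standard RDP security: NLA not enforced"
        elif value & PROTOCOL_HYBRID:
            verdict = "server selected CredSSP: NLA enforced"
        else:
            verdict = "server selected TLS without NLA: pre-auth surface still reachable"
        return {"type": "RDP_NEG_RSP", "value": value, "verdict": verdict}
    if ntype == TYPE_RDP_NEG_FAILURE:
        name = FAILURE_CODES.get(value, "UNKNOWN_0x%08x" % value)
        if value in (0x05, 0x06):
            verdict = "NLA enforced (%s)" % name
        elif value == 0x01:
            verdict = "TLS required but NLA not enforced (%s): pre-auth surface still reachable" % name
        else:
            verdict = "negotiation failed (%s)" % name
        return {"type": "RDP_NEG_FAILURE", "value": value, "verdict": verdict}
    raise ValueError("unknown negotiation type 0x%02x" % ntype)


def probe(host: str, port: int = 3389, timeout: float = 5.0) -> dict:
    """Send one negotiation request to a live host and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        data = sock.recv(4)
        total = struct.unpack(">H", data[2:4])[0]
        while len(data) < total:
            chunk = sock.recv(total - len(data))
            if not chunk:
                break
            data += chunk
    return parse_connection_confirm(data)


# Constructed sample responses (not captured from real hosts)
SAMPLE_NLA_REQUIRED = bytes.fromhex("030000130ed000001234000300080005000000")
SAMPLE_RDP_ACCEPTED = bytes.fromhex("030000130ed000001234000200080000000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        for sample in (SAMPLE_NLA_REQUIRED, SAMPLE_RDP_ACCEPTED, SAMPLE_LEGACY):
            print(parse_connection_confirm(sample)["verdict"])
```

Run it as `python rdp_probe.py 192.0.2.10` against a host you are allowed to test (the address is a placeholder); with no argument it decodes the three constructed samples. The probe reports posture, not patch state: a fully patched server that still permits standard RDP security is flagged exactly like a vulnerable one, and a server that requires TLS but not CredSSP still exposes the pre-authentication path. NLA raises the bar by demanding credentials first; only the May patch removes the flaw.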

Security researchers, including Beaumont, who originally named the vulnerability, and Marcus Hutchins, also known as "MalwareTech", who hit the kill switch that stopped the WannaCry worm, have confirmed that a widespread BlueKeep exploitation campaign is now underway. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights", Microsoft said in a statement.

BlueKeep affects older versions of Windows, including Windows XP, Windows 7, Windows Server 2003 and Windows Server 2008. Researchers' decision to avoid publishing proof-of-concept exploits was driven in part by the sheer number of vulnerable machines exposed to the internet, estimated at as many as 1 million systems at the time the flaw was revealed.

Hutchins was quoted by Wired as saying that "BlueKeep has been out there for a while now".

However, it is not the fast-spreading self-replicating worm that some experts had feared. Exploits had been shared privately between security researchers since Microsoft's May patch, but it wasn't known to have been exploited in the wild until now.

Hutchins at first suspected the activity was a BlueKeep worm making the rounds; it turned out to be just a cryptocurrency miner. "However, it is clear people now understand how to execute attacks on random targets, and they are starting to do it".

Attackers are finally using the so-called BlueKeep flaw against pre-Windows 10 machines. Almost 1 million systems were reportedly still found vulnerable a month after patches were released. Hutchins also finds it remarkable that BlueKeep took this long to "get detectably weaponized".

"I've been through all the honeypots and all but one show signs of being compromised using BlueKeep exploits, normally several times a day".
