A new Trojan uses an NSA hacking tool to infect computers running Windows. The virus uses available resources on a PC to mine XMR (Monero).
The Russian antivirus Dr.Web spotted this virus first. The trojan was discovered under the generic name Trojan.BtcMine.1259. The malware uses an NSA hacking tool named Doublepulsar, which is used to infect computers running non-secure Server Message Block (SMB) services. SMB is a network protocol used for sharing files, printers, and serial ports.
Once a computer is infected, the virus creates a "backdoor" that allows the hackers to execute code on the machine. The NSA’s Doublepulsar exploit is then used to download an original malware loader onto the infected PC. The computer is then scanned to determine whether enough resources are available to execute its payload. If resources are available, a generic malware loader downloads a cryptocurrency miner program and begins to mine XMR for the hacker’s wallet. Experts also note an interesting "feature": the virus is able to shut itself down when Task Manager is launched, allowing the malware to remain unspotted.
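The Task Manager behaviour described above leaves a pattern a defender can hunt for in process start and exit telemetry: the same image exiting seconds after Task Manager starts, on more than one occasion. The sketch below is an added example, not code from Dr.Web or from the original article; the event format, the file paths and the function names are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample process events (timestamp, event, pid, image); not real telemetry.
SAMPLE_EVENTS = r"""
2017-06-01T10:00:00 start 4120 C:\Users\Public\svc_helper.exe
2017-06-01T10:05:10 start 5000 C:\Windows\System32\Taskmgr.exe
2017-06-01T10:05:11 exit 4120 C:\Users\Public\svc_helper.exe
2017-06-01T10:06:00 exit 5000 C:\Windows\System32\Taskmgr.exe
2017-06-01T10:07:00 start 4300 C:\Users\Public\svc_helper.exe
2017-06-01T10:20:00 exit 6000 C:\Program Files\Editor\editor.exe
2017-06-01T11:00:00 start 5100 C:\Windows\System32\Taskmgr.exe
2017-06-01T11:00:02 exit 4300 C:\Users\Public\svc_helper.exe
2017-06-01T11:00:03 exit 6100 C:\Program Files\Editor\editor.exe
"""

def parse(log):
    """Yield (time, event, pid, lowercased image path) for each non-empty line."""
    for line in log.strip().splitlines():
        ts, event, pid, image = line.split(maxsplit=3)  # image path may contain spaces
        yield datetime.fromisoformat(ts), event, int(pid), image.lower()

def exits_after_taskmgr(log, window_s=5, min_hits=2):
    """Return images that exited within window_s seconds of a Task Manager
    start on at least min_hits separate Task Manager launches."""
    events = sorted(parse(log))
    launches = [t for t, ev, _, img in events
                if ev == "start" and img.endswith("\\taskmgr.exe")]
    hits = Counter()
    for launch in launches:
        seen = set()  # count each image at most once per launch
        for t, ev, _, img in events:
            if (ev == "exit" and not img.endswith("\\taskmgr.exe")
                    and timedelta(0) <= t - launch <= timedelta(seconds=window_s)):
                seen.add(img)
        hits.update(seen)
    # A single coincidental exit is noise; repeated exits are worth a look.
    return sorted(img for img, n in hits.items() if n >= min_hits)

if __name__ == "__main__":
    for image in exits_after_taskmgr(SAMPLE_EVENTS):
        print("review:", image)
```

Requiring the pattern on several launches keeps ordinary programs that happen to close near a Task Manager start out of the results; the window and hit threshold are tuning choices, not values from the article.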
Trojan.BtcMine.1259 is not the first "mining" virus that uses the Doublepulsar exploit. A similar virus, Eternalminer, was detected last week. It targets Linux for XMR mining. Wannacry also incorporated Doublepulsar into its protocol, using the exploit as the basis for the SMB worm.
The Doublepulsar exploit was spotted in April 2017 by Shadow Brokers, with reports that over 36,000 computers had been infected by various viruses utilizing the exploit on April 21st. In April, experts suggested that the real number of infected machines was over 100,000. The number of infected computers is now estimated at around 16,000, due to Windows system update MS17-010.