WannaMine Can Hack Any System, CrowdStrike Says

According to CrowdStrike security company research, WannaMine XMR miner can hack any system
01 February 2018

Information security experts at CrowdStrike have reported a significant increase in attacks by WannaMine, a program built for the covert mining of the Monero cryptocurrency. As part of the campaign, the attackers use the EternalBlue exploit stolen from the US National Security Agency.

According to the experts, in some cases the operations of companies hit by WannaMine were halted for days or weeks. Confirming an infection is not easy, because the malware does not write any application files to the victim's device.

WannaMine employs “living off the land” techniques such as Windows Management Instrumentation (WMI) permanent event subscriptions as a persistence mechanism. It also propagates via the EternalBlue exploit popularized by WannaCry. Its fileless nature and use of legitimate system software such as WMI and PowerShell make it difficult, if not impossible, for organizations to block it without some form of next-generation antivirus.

CrowdStrike Research
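The persistence mechanism the quote describes (a WMI `__EventFilter` bound to a consumer that runs PowerShell) is visible in the `root\subscription` namespace, so a defender can inventory bindings and flag the suspicious ones. The following Python is an added example, not CrowdStrike's or the article's code; it assumes the three subscription classes have been exported to JSON-like dicts (roughly what `Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding | ConvertTo-Json` and the matching filter and consumer queries yield after light reshaping), and the sample export is constructed.

```python
"""Flag WMI permanent event subscriptions of the kind WannaMine-style miners use.

Added example, not CrowdStrike's or the article's code. Input shape is an
assumption: the root\\subscription classes exported to JSON-like dicts.
"""
import re

# Binding references look like: __EventFilter.Name="SCM Event Log Filter"
REF_RE = re.compile(r'^(?P<cls>\w+)\.Name="(?P<name>[^"]+)"$')
# Consumer classes that run arbitrary commands or scripts when the filter fires
CODE_CONSUMERS = {"CommandLineEventConsumer", "ActiveScriptEventConsumer"}
INTERPRETER_RE = re.compile(
    r"powershell|pwsh|cmd\.exe|wscript|cscript|mshta|rundll32|regsvr32", re.I)
ENCODED_RE = re.compile(r"-e(?:nc|ncodedcommand)?\b|FromBase64String", re.I)
# Timer-style polling filters (WITHIN n) are the usual trigger for fileless persistence
POLLING_RE = re.compile(r"__InstanceModificationEvent\s+WITHIN\s+\d+", re.I)

# Constructed sample export (not a real capture). The first binding is the stock
# Windows SCM event log subscription; the second is a constructed malicious one.
SAMPLE_EXPORT = {
    "__EventFilter": [
        {"Name": "SCM Event Log Filter", "Query": "select * from MSFT_SCMEventLogEvent"},
        {"Name": "ExampleTimerFilter",  # constructed name
         "Query": "SELECT * FROM __InstanceModificationEvent WITHIN 3600 "
                  "WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"},
    ],
    "consumers": [
        {"__CLASS": "NTEventLogEventConsumer", "Name": "SCM Event Log Consumer"},
        {"__CLASS": "CommandLineEventConsumer", "Name": "ExampleCmdConsumer",
         "CommandLineTemplate": "powershell.exe -NoP -NonI -W Hidden "
                                "-EncodedCommand <BASE64_PLACEHOLDER>"},
    ],
    "__FilterToConsumerBinding": [
        {"Filter": '__EventFilter.Name="SCM Event Log Filter"',
         "Consumer": 'NTEventLogEventConsumer.Name="SCM Event Log Consumer"'},
        {"Filter": '__EventFilter.Name="ExampleTimerFilter"',
         "Consumer": 'CommandLineEventConsumer.Name="ExampleCmdConsumer"'},
    ],
}


def parse_ref(ref):
    """Split a binding reference into (class name, instance Name)."""
    m = REF_RE.match(ref)
    if not m:
        raise ValueError(f"unrecognised WMI object reference: {ref!r}")
    return m.group("cls"), m.group("name")


def analyze_subscriptions(export):
    """Walk every filter->consumer binding and return the suspicious ones with reasons."""
    filters = {f["Name"]: f for f in export["__EventFilter"]}
    consumers = {(c["__CLASS"], c["Name"]): c for c in export["consumers"]}
    findings = []
    for binding in export["__FilterToConsumerBinding"]:
        _, filter_name = parse_ref(binding["Filter"])
        consumer_cls, consumer_name = parse_ref(binding["Consumer"])
        flt = filters.get(filter_name, {})
        consumer = consumers.get((consumer_cls, consumer_name), {})
        # CommandLineEventConsumer carries CommandLineTemplate, ActiveScriptEventConsumer ScriptText
        payload = consumer.get("CommandLineTemplate") or consumer.get("ScriptText") or ""
        reasons = []
        if consumer_cls in CODE_CONSUMERS:
            reasons.append(f"{consumer_cls} executes code whenever the filter fires")
        if INTERPRETER_RE.search(payload):
            reasons.append("payload launches a script interpreter or LOLBin")
        if ENCODED_RE.search(payload):
            reasons.append("payload is encoded/obfuscated")
        if POLLING_RE.search(flt.get("Query", "")):
            reasons.append("filter polls on a timer (WITHIN), a common persistence trigger")
        if reasons:
            findings.append({"filter": filter_name,
                             "consumer": f"{consumer_cls}/{consumer_name}",
                             "payload": payload, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in analyze_subscriptions(SAMPLE_EXPORT):
        print(f"[!] {hit['filter']} -> {hit['consumer']}")
        for why in hit["reasons"]:
            print("    -", why)
```

The stock `SCM Event Log` binding produces no reasons and is not reported, while the constructed timer filter bound to a `CommandLineEventConsumer` that launches an encoded PowerShell command is reported with all four reasons. Baselining the known-good bindings on a clean build of each Windows image and alerting on any new `__FilterToConsumerBinding` is the usual way to turn this into a continuous detection.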

It is worth noting that EternalBlue is not WannaMine's main component. The program first uses the Mimikatz utility to pull logins and passwords from the computer's memory; only if that fails does WannaMine fall back to EternalBlue. Thanks to this combination, WannaMine can hack any system, even one with the latest updates.

WannaMine attacks were first recorded by Panda Security experts in October of the previous year.

Monero Team to Kill Coin Burning Bug

A scenario of a hypothetical attack described by one of the participants of Monero's subreddit helped to identify the bug
26 September 2018

Developers of the Monero cryptocurrency have fixed a bug that could have allowed attackers to "burn" the funds in an organization's wallet while sacrificing only a small amount in transaction fees. This was reported in the project's official announcement.

A hypothetical attack scenario described by a participant in Monero's subreddit made it possible to identify the bug.

Practically speaking this bug is exploited as follows. An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address (e.g. an exchange's hot wallet) are sent to the same stealth address. Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange's wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker's action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR.

dEBRUYNE at Get Monero

Monero developers note that this method does not let the attacker directly obtain the XMR coins deposited this way. However, the attacker can cash out the credited XMR via bitcoin, and the exchange is left with 999 unspendable, or "burned", outputs of 1 XMR each.
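The scenario above and the missing wallet check can be shown end to end in a small simulation. The following Python is an added example, not Monero's code: a toy multiplicative group modulo a prime stands in for ed25519 so the derivation fits in a few lines, and the hash-to-scalar and key-image formulas are simplified stand-ins (assumptions). What it preserves is the shape of Monero's stealth-address scheme, where the one-time output key is derived from the shared secret `r*A` and the recipient's spend key `B`, so reusing the transaction private key `r` for the same recipient reproduces the same one-time key, and duplicate one-time keys share a key image and are therefore unspendable. The `ExchangeWallet` class models both the naive wallet that credits every duplicate and a hardened one that refuses to credit an output whose one-time key it has already seen.

```python
"""Reused tx-key "burn" scenario and the duplicate one-time-key check.

Added example, not Monero's code. A toy group (integers mod a prime under
multiplication) replaces ed25519; hash_to_scalar and key_image are simplified
stand-ins (assumption). The derivation shape follows Monero's stealth addresses.
"""
import hashlib
import secrets

P = (1 << 127) - 1   # prime modulus of the toy group
Q = P - 1            # group order; scalars (private keys) live mod Q
G = 3                # generator


def hash_to_scalar(*parts):
    h = hashlib.sha256()
    for x in parts:
        h.update(int(x).to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % Q


def rand_scalar():
    return secrets.randbelow(Q - 1) + 1


def keygen():
    """Recipient keys: private (view a, spend b) and public address (A, B)."""
    a, b = rand_scalar(), rand_scalar()
    return (a, b), (pow(G, a, P), pow(G, b, P))


def build_output(recipient_pub, amount, r, index=0):
    """Sender side: tx pubkey R = G^r and one-time key = G^{H(r*A, idx)} * B.
    Reusing r for the same recipient and index reproduces the same one-time key."""
    A, B = recipient_pub
    shared = pow(A, r, P)                      # equals R^a on the receiver side
    one_time_key = pow(G, hash_to_scalar(shared, index), P) * B % P
    return {"tx_pubkey": pow(G, r, P), "index": index,
            "one_time_key": one_time_key, "amount": amount}


def spend_scalar(priv, out):
    """Receiver side: x = H(a*R, idx) + b, so that G^x == one-time key iff ours."""
    a, b = priv
    return (hash_to_scalar(pow(out["tx_pubkey"], a, P), out["index"]) + b) % Q


def owns(priv, out):
    return pow(G, spend_scalar(priv, out), P) == out["one_time_key"]


def key_image(priv, out):
    """Toy key image: deterministic in the one-time key, so duplicate keys collide
    and only one of the outputs can ever be spent (as on the real chain)."""
    return hash_to_scalar(spend_scalar(priv, out), out["one_time_key"])


class ExchangeWallet:
    def __init__(self, priv, reject_duplicates):
        self.priv = priv
        self.reject_duplicates = reject_duplicates  # the check the page says was missing
        self.credited = 0      # balance shown to the depositor
        self.outputs = []      # outputs the wallet believes it holds
        self.flagged = []      # outputs that reuse an already-seen one-time key

    def receive(self, out):
        if not owns(self.priv, out):
            return False
        if any(o["one_time_key"] == out["one_time_key"] for o in self.outputs):
            self.flagged.append(out)
            if self.reject_duplicates:
                return False   # hardened wallet: never credit a burnt duplicate
        self.outputs.append(out)
        self.credited += out["amount"]
        return True

    def spendable(self):
        """Sum over distinct key images: duplicates are unspendable (burnt)."""
        seen, total = set(), 0
        for o in self.outputs:
            ki = key_image(self.priv, o)
            if ki not in seen:
                seen.add(ki)
                total += o["amount"]
        return total


def simulate(n_tx, reuse_tx_key, harden):
    """Returns (credited, spendable, flagged) after n_tx deposits of 1 XMR each."""
    priv, pub = keygen()
    wallet = ExchangeWallet(priv, harden)
    fixed_r = rand_scalar()
    for _ in range(n_tx):
        r = fixed_r if reuse_tx_key else rand_scalar()
        wallet.receive(build_output(pub, 1, r))
    return wallet.credited, wallet.spendable(), len(wallet.flagged)


if __name__ == "__main__":
    print("honest deposits     :", simulate(5, reuse_tx_key=False, harden=False))
    print("reused key, no check:", simulate(5, reuse_tx_key=True, harden=False))
    print("reused key, checked :", simulate(5, reuse_tx_key=True, harden=True))
```

With five deposits, the honest run credits 5 and can spend 5; the reused-key run against the naive wallet credits 5 but can spend only 1, which is the 1000-credited-versus-1-spendable gap in the quoted scenario; the hardened wallet credits 1 and flags 4, so the discrepancy is caught before anything is paid out.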

The fix was distributed privately to exchanges and large merchants so as not to draw unnecessary attention while the problem was being eliminated. According to the developers, the exploit was not used in any real attack.

In early August, a critical bug in Monero's code that allowed transaction amounts to be manipulated cost the Livecoin exchange losses exceeding $1.8 million.