WannaMine seems to be mining Monero, an alternative form of cryptocurrency that is relatively easy to mine. The malware can infect a PC via a targeted attack or when a user clicks on a malicious link.
What is the problem?
There are several serious problems with WannaMine. First, the way in which it tries to make maximum use of the processor and RAM places the computer under great strain. Eventually the computer will begin to fail, requiring costly repairs – or even complete replacement.
The second major problem is to do with the way in which WannaMine spreads itself. Initially there is nothing unusual about the malware – users are tricked into downloading it via email attachments or infected websites. Once installed, however, WannaMine uses some very clever tricks to spread across the network.
What does WannaMine do?
At the most basic level, WannaMine has been designed to mine a cryptocurrency called Monero. The malware silently infects a victim’s computer, and then uses it to run complex decryption routines that create new Monero. The currency is then added to a digital wallet belonging to the hackers, ready to be spent whenever they choose.
This may sound relatively harmless, but the mining process takes priority over legitimate activities. An infected computer begins to slow down – a particularly frustrating experience for users.
WannaMine first uses a tool called “Mimikatz” to recover logins and passwords from system memory, then tries to infiltrate the system with them. If that fails, WannaMine turns to the EternalBlue exploit to complete the task and break in.
Once the attack is successful, WannaMine quietly uses the CPU processing power to generate Monero coins in the background. “The WannaMine worm uses advanced techniques to maintain persistence within an infected network and move laterally from system to system,” the researchers said. “In one case, a client informed CrowdStrike that nearly 100% of its environment was rendered unusable due to overutilisation of systems’ CPUs.”
Q. Is WannaMine like WannaCry? Is it ransomware that scrambles my disk?
A. The name “WannaMine” is a portmanteau word that refers to a malware family that uses the network spreading capabilities of WannaCry to deliver cryptomining malware rather than ransomware.
Q. If I don’t own any cryptocoins and I’m not part of the cryptocurrency scene, am I still at risk?
A. WannaMine malware attacks aren’t trying to locate your digital cryptocurrency stash and steal it.
They want free use of your computer for cryptomining calculations of their own, whether you’re interested in cryptocurrency or not.
Q. What is cryptomining malware? Is it as dangerous as ransomware?
A. Cryptomining is when crooks secretly get your computer to do the calculations needed to generate cryptocurrency, such as Bitcoin, Monero or Ethereum; the crooks keep any cryptocoin proceeds for themselves.
To make money with cryptomining, you need a lot of electricity to deliver a lot of processing power on a lot of computers.