Notebookcheck

Hackers target legacy Windows PCs to mine crypto via BlueKeep exploit

The memory log from one of the "honeypot" systems, a computer intentionally left vulnerable to catch the worm. Image via Kevin Beaumont
A security researcher has discovered the first worm to take advantage of BlueKeep, the exploit for older versions of Windows disclosed earlier this year. Machines running Windows 7 and below have a critical security flaw that can allow attackers full access. This attack installed a Monero cryptocurrency miner without tripping any flags other than high CPU usage. Considering the number of organizations and government agencies that still rely on legacy Windows machines, BlueKeep could turn out to be a much larger threat than many realize.

Over the past weekend, a cybersecurity researcher discovered a widespread attack that exploits a vulnerability in older Windows systems. The attacker was able to remotely install a cryptocurrency miner, though the damage could have been much worse.

Kevin Beaumont, a security researcher, discovered the attack after setting up a handful of systems running older versions of Windows. The attack exploited a vulnerability dubbed BlueKeep that takes advantage of a flaw in the Remote Desktop Service feature of older systems.

Working with MalwareTech (Marcus Hutchins), the researcher who found the WannaCry killswitch, Beaumont discovered the worm could invisibly infect vulnerable machines and install a Monero miner, all without the knowledge of the end user.

Microsoft announced the vulnerability and released a patch this past May. The company pushed users to install the patch again over the summer. The flaw is so widespread that even the NSA has urged users to update their machines.

Why is this important? BlueKeep affects machines running Windows 7, Windows Vista, Windows XP, Windows Server 2003, and Windows Server 2008 that have the Remote Desktop Service activated. While most individual PC users likely own a machine running Windows 10, many businesses, hospitals, and government agencies still run older versions of Windows. If these organizations haven’t updated their systems with the latest patch, which is likely, their computers may be ticking time bombs.

The security patch for BlueKeep can be found on Microsoft’s website.
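The article names three conditions that together put a host at risk (a legacy Windows version, Remote Desktop enabled, the May 2019 patch missing) and one symptom of the miner (high CPU usage). The following PowerShell script is an added triage example written for this page; it is not code from the article, from Kevin Beaumont or from MalwareTech. It assumes it is run in an elevated session on the host being checked, that the relevant KB number is supplied by the operator (the article does not list KB numbers, so `$PatchKB` is a placeholder), and that the `fDenyTSConnections` and `UserAuthentication` registry values hold their documented Windows meanings (0 = RDP allowed; 1 = Network Level Authentication required).

```powershell
# Added example, not from the article: defender-side triage for the
# BlueKeep exposure conditions it describes, plus a high-CPU process check.
# Written with PowerShell 2.0-compatible syntax so it runs on the legacy
# hosts in question (Windows 7 / Server 2008 ship with PowerShell 2.0).
param(
    # Placeholder: the KB id for this host's OS from Microsoft's advisory.
    [string]$PatchKB = 'KB<number-from-Microsoft-advisory>',
    # Flag processes using at least this share of total CPU capacity.
    [int]$CpuThresholdPercent = 50,
    [int]$SampleSeconds = 5
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

# 1. OS family. The article names XP, Vista, 7, Server 2003 and 2008; all of
#    them report an NT version below 6.2 (Windows 8 / Server 2012).
$os = [System.Environment]::OSVersion.Version
$legacyOs = ($os.Major -lt 6) -or ($os.Major -eq 6 -and $os.Minor -lt 2)

# 2. Remote Desktop enabled? fDenyTSConnections = 0 means connections are accepted.
$denyTs = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
           -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpEnabled = ($denyTs -eq 0)

# 3. Network Level Authentication required? UserAuthentication = 1 forces the
#    client to authenticate before a full RDP session is created, which
#    reduces exposure while the patch is being rolled out.
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication `
        -ErrorAction SilentlyContinue).UserAuthentication
$nlaRequired = ($nla -eq 1)

# 4. Patch present? Get-HotFix lists installed Windows updates by KB id.
$patched = [bool](Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)

$exposed = $legacyOs -and $rdpEnabled -and (-not $patched)

New-Object PSObject -Property @{
    ComputerName = $env:COMPUTERNAME
    OSVersion    = $os.ToString()
    LegacyOS     = $legacyOs
    RDPEnabled   = $rdpEnabled
    NLARequired  = $nlaRequired
    PatchFound   = $patched
    Exposed      = $exposed
} | Format-List

# 5. Symptom check: the miner's only visible sign was high CPU usage.
#    Process.CPU is cumulative processor seconds, so two samples a few
#    seconds apart give each process's share of total machine capacity.
$cores  = [System.Environment]::ProcessorCount
$before = @{}
foreach ($p in Get-Process) { if ($p.CPU -ne $null) { $before[$p.Id] = $p.CPU } }
Start-Sleep -Seconds $SampleSeconds

$hogs = @()
foreach ($p in Get-Process) {
    if ($p.CPU -eq $null -or -not $before.ContainsKey($p.Id)) { continue }
    $pct = [math]::Round((($p.CPU - $before[$p.Id]) / ($SampleSeconds * $cores)) * 100, 1)
    if ($pct -ge $CpuThresholdPercent) {
        $hogs += New-Object PSObject -Property @{
            Id = $p.Id; Name = $p.ProcessName; Path = $p.Path; CpuPercent = $pct
        }
    }
}

if ($hogs.Count -gt 0) {
    Write-Output "Processes above $CpuThresholdPercent% of total CPU over $SampleSeconds s (investigate path and signer):"
    $hogs | Sort-Object CpuPercent -Descending | Format-Table Id, Name, CpuPercent, Path -AutoSize
} else {
    Write-Output "No process exceeded $CpuThresholdPercent% of total CPU during the sample."
}
```

Run it as `.\Check-BlueKeepExposure.ps1 -PatchKB <KB id for this OS>`; a result of `Exposed : True` means the host matches every condition the article describes, and `NLARequired : False` on such a host means even the interim mitigation is absent. The CPU sample is deliberately crude (a short window can miss an idle miner or flag a legitimate burst), so treat a hit as a prompt to inspect the binary's path and signature rather than as proof of infection.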

Sam Medley, 2019-11-06 (Update: 2019-11-06)
Sam Medley - Review Editor - @samuel_medley
I've been a "tech-head" my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a Systems Analyst for my local school district. I started working with Notebookcheck in October of 2016 and have enjoyed writing news articles and notebook reviews. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not hunched over an electronic device or writing code for a new database, I'm either outside with my family, playing a decade-old video game, or sitting behind a drum set.