Hackers target legacy Windows PCs to mine crypto via BlueKeep exploit

The memory log from one of the "honeypot" systems, a computer intentionally left vulnerable to catch the worm. Image via Kevin Beaumont

A security researcher discovered the first worm to take advantage of the BlueKeep in older versions of Windows exploit disclosed earlier this year. Machine running Windows 7 and below have a critical security flaw that can allow attackers full access. This attack installed a Monero cryptocurrency miner without tripping any flags other than high CPU usage. Considering the number of organizations and government agencies that still rely on legacy Windows machines, BlueKeep could turn out to be a much larger threat than many realize.

Sam Medley, Published 11/06/2019

Over the past weekend, a cybersecurity researcher discovered a widespread attack that exploits a vulnerability in older Windows systems. The attacker was able to remotely install a cryptocurrency miner, though the damage could have been much worse.

Kevin Beaumont, a security researcher, discovered the attack after setting up a handful of systems running older versions of Windows. The attack exploited a vulnerability dubbed BlueKeep that takes advantage of a flaw in the Remote Desktop Service feature of older systems.

Working with MalwareTech (Marcus Hutchins), the researcher that found the WannaCry killswitch, Beaumont discovered the worm could invisibly infect vulnerable machines and install a Monero Miner, all without the knowledge of the end-user.

Microsoft announced the vulnerability and released a patch this past May. The company pushed users to install the patch again over the summer. The flaw is so widespread that even the NSA has urged users to update their machines.

Why is this important? BlueKeep affects machines running Windows 7, Windows Vista, Windows XP, Windows Server 2003, and Windows Server 2008 that have the Remote Desktop Service activated. While most individual PC users likely own a machine running Windows 10, several businesses, hospitals, and government agencies still run older versions of Windows. If these organizations haven’t updated their systems with the latest patch, which is likely, their computers may be ticking timebombs.

The security patch for BlueKeep can be found on Microsoft’s website here.

Source(s)

Double Pulsar (Kevin Beaumont)

IMF advises that the exponential expansion of cryptocurrencies threatens financial stability 10/06/2021

Over 20GB of confidential design data and files were stolen from Intel in a security breach (Image source: Panda Security)

Hackers steal over 20GB of confidential design data from Intel in massive data breach 08/07/2020

Intel y los fabricantes de equipos originales han matado a los subvoluntarios y hay poco que se pueda hacer al respecto. 06/24/2020

Intel and OEMs have killed undervolting and there is little that you can do about it 06/24/2020

The Chrome extensions stole data from over 32 million people (Image source: Panda Security)

“Massive criminal surveillance campaign” of malicious Google Chrome extensions stole data from over 32 million users: do you have these installed? 06/19/2020

Microsoft could make cryptomining great again. (Image Source: Kryptographe)

Microsoft could revolutionize cryptomining with user body activity proof-of-work 03/27/2020

While xHelper can be removed by antivirus software, it will soon reinstall itself. (Image via Malwarebytes forum user Amelia)

Android trojan xHelper can reinstall itself after removal and factory reset 02/15/2020

The vulnerability could impact every Windows system released in the past 20 years (Image source: Microsoft)

The NSA reports "extraordinarily serious" Windows flaw to Microsoft: The US military's already received an update 01/14/2020

The Communication Limits feature in iOS 13.3 can easily be bypassed. (Image via Apple)

New bug in iOS 13.3 allows kids to circumvent Communication Limits parental controls 12/14/2019

Report a verifiable Titan M hack, get up to $1 million. (Source: F3News)

Google now offers a US$1 million bounty for Titan M chipset vulnerabilities 11/23/2019

The page on which a user can update to Windows 10 1909. (Source: Microsoft)

Microsoft rolls the November 2019 update out for Windows 10 devices 11/13/2019

The daily average use of DuckDuckGo since 2010 has grown exponentially. Image via DuckDuckGo

DuckDuckGo, the privacy-focused search engine, hits 50 million daily searches 11/06/2019

November 2019 Android security update now available for Pixel phones, but not the original Pixel 11/04/2019

A sizeable proportion of eligible consumers are still wary about smart-home products. (Source: Parks Associates)

Research finds privacy concerns put US consumers off buying smart home products 10/30/2019

Smartwatches are increasingly popular, but could be more secure. (Source: TechRadar)

Nok Nok Labs claims that its new SDK can make smartwatches more secure and better equipped to take over from phones 10/27/2019

UK banks remove mobile bank services and apps from Samsung Galaxy S10 10/24/2019

Samsung releases update to patch fingerprint scanner flaw 10/23/2019

A new vulnerability may open a way for a jailbreak for almost every iPhone ever made. (Image via Hindustan Times)

New exploit, dubbed checkm8, might lead to permanent jailbreak for multiple iPhone models 09/28/2019

An infected directory showing files with a

Lilu/Lilocked ransomware has now infected thousands of Linux servers 09/08/2019

Malware is now a problem when downloading textbooks. (Source: Wikipedia)

Kaspersky claims to have found malware in digital college textbooks 09/06/2019

Apple accidentally rolls back security patch in iOS 12.4 update, making jailbreaking possible 08/20/2019

Security researchers load ransomware onto DSLR over WiFi and encrypt photos in WannaCry-styled attack 08/12/2019

Apps like Facebook Messenger and WhatsApp may need redesigns thanks to iOS 13's background access restrictions 08/07/2019

Microsoft security researchers discover new cyber attack through Internet of Things connected devices 08/06/2019

Read all 2 comments / answer

Loading Comments

Comment on this article

Xerox could take over HP, report re...

Apple seeds first developer beta of...

Sam Medley - Senior Tech Writer - 1276 articles published on Notebookcheck since 2016

I've been a computer geek my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a database administrator. I started working with Notebookcheck in October of 2016 and have enjoyed writing news and reviews. I've also written for other outlets including UltrabookReview and GeeksWorldWide, focusing on consumer guidance and video gaming. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not writing on electronics or tinkering with a device, I'm either outside with my family, enjoying a decade-old video game, or playing drums or piano.

Please share our article, every link counts!

> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 11 > Hackers target legacy Windows PCs to mine crypto via BlueKeep exploit

Sam Medley, 2019-11- 6 (Update: 2019-11- 6)

Hackers target legacy Windows PCs to mine crypto via BlueKeep exploit

Source(s)

Related Articles