Adylkuzz, the malware that steals virtual money from thousands of computers

All investigations seem to indicate that WannaCry, the global attack that shocked the world last week, was just the tip of the iceberg in terms of cyber-security threats. The new cyber-attack currently underway, called Adylkuzz, is potentially much more dangerous than its predecessor, as it is designed to steal virtual money from computers without users’ knowledge.

Instead of locking computer files and demanding a ransom for them, just like WannaCry did, this new malware has infected thousands of computers silently, turning them into zombies in the hands of cyber-crooks. Adylkuzz is a botnet that creates a network of compromised computers it can remotely control, and worse still, it has been active since April 24.

How does it work?

This malware works as follows: Once it has infected a machine, it downloads a series of commands in order to generate cryptocurrency (something which is completely legal), and then extracts it.

Specifically, Adylkuzz forces computers to generate cyber-cash by means of a process called ‘cryptocurrency mining’, and sends it to its owners.

Hackers are using a botnet to force victims to generate cyber-cash

To get an idea of how much money hackers are making, it is important to understand what ‘cryptocurrency mining’ is. Cryptocurrency mining is an activity which, when carried out voluntarily, is completely legal and constitutes an interesting source of income.

Digital currencies, such as Bitcoin, are based on cryptography and the Blockchain technology, which works as a digital ledger that keeps a continuously growing list of records, called blocks, of all transactions that take place across a peer-to-peer network. Every time a transaction occurs between the members of this network, it needs to be verified and validated by some members of the network called ‘miners’.

However, for these miners to be able to process those blocks, a number of complex mathematical calculations are required that use a huge amount of computer resources. And that’s why these miners need to be compensated. For every verified transaction file that is created every 10 minutes, miners are rewarded with bitcoins for their services.

What Adlykuzz does is turn the computers it infects into part of the Blockchain network, using most of their memory resources for the mining process, without users realizing. However, Adlykuzz prevents the owners of the compromised computers from earning any cyber-cash, sending it instead to the malware writers.

The latest investigations indicate that the attack may have infected hundreds of thousands of computers, generating millions of dollars in cryptocurrency for the unknown attackers, as the malware has been active for more than a month now.

Other risks posed by this botnet

This botnet, which apparently is ‘only’ being used to steal money, could also be creating an army of computers waiting to be awakened in order to launch another global attack.

Just like WannaCry, Adylkuzz takes advantage of a vulnerability uncovered by the US National Security Agency (NSA), and archived for study. However, a cyber-gang known as Shadow Brokers managed to break into the NSA’s systems and leaked this exploit they are calling Eternal Blue.

Since this backdoor became public, we have seen at least two cyber-crime groups take advantage of it to infiltrate thousands of computers. However, we cannot be sure that there aren’t other groups also exploiting this flaw and which haven’t been discovered yet,” explained Herve Lambert, Global Consumer Operations Manager at Panda Security.

In light of the current wave of cyber-attacks, it is vital that both home users and businesses keep their operating systems up-to-date. “If, in addition to that, you have a security system in place capable of tracking and reporting any unauthorized use of your computer resources, you will be doing the right thing to keep yourself protected,” Lambert said.