A piece of crypto-mining malware is using sophisticated tools for its operations, including a Windows exploit linked to the National Security Agency, security researchers warn.

Dubbed WannaMine, the crypto-mining worm spreads using EternalBlue, the NSA-linked tool that became public in April 2017, just one month after Microsoft released a patch for it.

Leveraging a vulnerability in Windows’ Server Message Block (SMB) on port 445, the exploit became famous after the WannaCry ransomware was found exploiting it for distribution. Other malware families abused it as well, including botnets, backdoors, NotPetya, and banking Trojans.

Now, the same exploit is being used to spread WannaMine, a piece of malware focused on mining for the Monero crypto-currency, but which uses sophisticated capabilities, such as persistence and distribution mechanisms similar to those used by nation-state actors, CrowdStrike says.

WannaMine, the security researchers explain, employs “living off the land” techniques for persistence, such as Windows Management Instrumentation (WMI) permanent event subscriptions. The malware has a fileless nature, leveraging PowerShell for infection, which makes it difficult to block without the appropriate security tools.

The malware uses credential harvester Mimikatz to acquire legitimate credentials that would allow it to propagate and move laterally. If that fails, however, the worm attempts to exploit the remote system via EternalBlue.
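For defenders, the WMI persistence described above can be audited by listing the permanent event subscriptions registered on a host. The PowerShell below is an added example, not code from CrowdStrike or from the original article; the keyword list used to flag entries for review is an assumption chosen for illustration.

```powershell
# Added example: inventory WMI permanent event subscriptions (defensive audit).
# Run from an elevated PowerShell session on the host being checked.
$ns = 'root/subscription'

$filters    = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$bindings   = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding
# The two consumer classes that run a command or a script when a filter fires.
$cmdCons    = Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer
$scriptCons = Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer

# Assumption: review hints picked for this example, not indicators from the article.
$hints = 'powershell', '-enc', 'frombase64string', 'downloadstring', 'iex'

$report = foreach ($b in $bindings) {
    # A binding references its filter and consumer by their key property, Name.
    $fName  = $b.Filter.Name
    $cName  = $b.Consumer.Name
    $filter = $filters    | Where-Object { $_.Name -eq $fName }
    $cmd    = $cmdCons    | Where-Object { $_.Name -eq $cName }
    $script = $scriptCons | Where-Object { $_.Name -eq $cName }

    if ($cmd) {
        $type   = 'CommandLineEventConsumer'
        $action = "$($cmd.ExecutablePath) $($cmd.CommandLineTemplate)"
    } elseif ($script) {
        $type   = 'ActiveScriptEventConsumer'
        $action = "$($script.ScriptFileName) $($script.ScriptText)"
    } else {
        $type   = 'other'   # e.g. the built-in NTEventLogEventConsumer
        $action = ''
    }

    $text = $action.ToLower()
    $hits = @($hints | Where-Object { $text.Contains($_) })

    [pscustomobject]@{
        Filter       = $fName
        Query        = $filter.Query      # WQL condition that triggers the consumer
        Consumer     = $cName
        ConsumerType = $type
        Action       = $action.Trim()
        Review       = ($hits.Count -gt 0)
    }
}

# Entries flagged for review first; every binding is listed for a full inventory.
$report | Sort-Object Review -Descending | Format-List
```

Many Windows hosts ship with a built-in "SCM Event Log" filter and consumer pair, so one benign entry of type `other` is expected; command-line or script consumers that are not part of a known management tool are the ones to investigate.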


Vivian Zhang is CTO and chief data scientist for the NYC Data Science Academy.

In this exclusive interview, Zhang traces her journey from passionate open source activist to data science training evangelist.


TechNewsWorld: What is the mission of the NYC Data Science Academy, and why is it an important institution?

Vivian Zhang: We teach data scientists. We train companies and their employees, since we believe it's important to understand and benefit from the data. We excel in data science consulting, and we encourage our clients to train their team to do the work.

That's why we do a lot of corporate and individual training. We offer live-streaming and recorded video format, and we also offer training in person in New York City. Teaching is very fulfilling. We have helped about 1,300 part-time students and 300 full-time students to advance their careers.

TNW: What is your role with the NYC Data Science Academy?

Zhang: I'm in charge of the technical side of things -- coming up with the prototypes to enable our clients to understand data science. Every quarter we're updating content, and we're trying to be innovative and creative. We want to challenge traditional data analysis methods, and we want to inspire other people to do a better job with data analytics.

Traditionally people use a lot of closed-source software, but we're focusing on the open source world. Millions of people are contributing to those projects now. People are increasingly moving toward open source. The iteration and the enthusiasm of the community surpasses anything you can see in the closed-source community.

TNW: What inspired you to do the work you're doing with the academy?

Zhang: I was a volunteer in the open source community for 10 years. That's initially how I started a consulting business, because I'm so passionate about it. The school is a coincidence. I taught data science in my meet-up group, and it grew quickly, since companies wanted training for their employees. I never thought I would become a teacher.

TNW: What are some of the most significant current trends in the field of data science?


A new botnet called Hide ‘N Seek (HNS botnet) has appeared in the threat landscape. The malware is spreading rapidly, infecting unsecured IoT devices, mainly IP cameras.

The HNS botnet was first spotted on January 10th by malware researchers from Bitdefender. It then disappeared for a few days and resurfaced over the weekend.

The number of infected systems grew from 12 at the time of discovery to over 20,000 bots at the time of writing.

“Bitdefender researchers have uncovered an emerging botnet that uses advanced communication techniques to exploit victims and build its infrastructure. The bot, dubbed HNS, was intercepted by our IoT honeypot system following a credentials dictionary attack on the Telnet service.” states the analysis from Bitdefender.

“The samples identified in our honeypots on Jan. 10 revolved around IP cameras manufactured by a Korean company. These devices seemed to play a major role in the botnet as, out of the 12 IP addresses hardcoded in the sample, 10 used to belong to Focus H&S devices. The new version, observed on Jan. 20, dropped the hardcoded IPs.”

Security experts have recently spotted other IoT botnets, most of them linked to the Mirai botnet, such as Satori, Okiru, and Masuta, but the HNS botnet has a different genesis and doesn’t share the source code.

Researchers at Bitdefender found similarities between the HNS and Hajime botnets. Unlike Mirai, Hajime doesn’t use C&C servers; instead, it implements a peer-to-peer network.


The coolest gadgets we saw at CES 2018.

1. This is LG's giant 65-inch 4K OLED TV. This rollable TV concept can emerge when you want it to. It goes back into its home box when not in use. You can adjust the height of the TV for certain types of content.

2. This is an $8,000 robotic umbrella. The Sunflower Shadecraft moves with the sun. It has a built-in entertainment system. It comes equipped with its own security camera.

3. Razer's "Project Linda" concept turns your smartphone into a laptop. It has a laptop-shaped dock for Razer's phone. This becomes the touchpad you'd normally have on a laptop. It will automatically display what is on your phone to the laptop screen.

4. Meet Samsung's new modular TV. They call it "The Wall." It can change sizes to best fit your environment. The one displayed at CES was a giant 146 inches.

5. Vivo tested the limits of a smartphone. They put a fingerprint sensor underneath the screen. This allows for more screen on the front of the phone.

6. Google's Lenovo Mirage Solo is a smartphone in VR headset form. It's their first standalone VR headset with high-tech hardware. It doesn't require a smartphone, PC, or video game console to render VR graphics.

7. This is Toyota's self-driving e-Palette concept vehicle. It will serve as a multi-purpose delivery vehicle, mobile office, or storefront. With Toyota's recent partnership with Pizza Hut, the vehicle could be used to deliver pizzas.

8. LG revealed their ThinQ AI TV. It's stunningly thin, OLED, and has 4K resolution. It can be controlled by Google Assistant.

What will be in store for 2019?