Another large-scale, stealthy cyberattack is underway on a scale that could
dwarf last week's assault on computers worldwide, a global cybersecurity firm
told AFP .
The new malware attack aims the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.
Following the detection of the WannaCry attack on May 12, "researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz," said Nicolas Godier, a researcher at the computer security firm.
Chinese state media says US should take some blame for cyber attack.
"It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a stealthier manner and for a different purpose," he said.
Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to "mine" in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.
Virtual currencies like Bitcoin and Monero records the transactions of the volunteer’s computers. They are said to "mine" for the currency and are occasionally rewarded with a piece of it.
Proofpoint said in a blog that symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.
How cyber experts are working round the clock to protect India from the 'biggest ransomware' attack?
Godier said, "As it is silent and doesn't trouble the user, the Adylkuzz attack is much more profitable for the cyber criminals. It transforms the infected users into unwitting financial supporters of their attackers."
Proofpoint said, “it has detected infected machines that have transferred several thousand dollars’ worth of Monero to the creators of the virus.”
The company believes Adylkuzz has been losing since at least May 2, and perhaps even since April 24, but due to its stealthy nature was not immediately detected.
Proofpoint's vice president for email products, Robert Holmes, told AF, "We don't know how big it is" but "it's much bigger than WannaCry".
A US official on Tuesday told the number of computers infected by WannaCry got upto 300,000.
"We have seen that before -- malwares mining cryptocurrency -- but not this scale," said Holmes.
The malware attack of WannaCry has spread a havoc in computer systems worldwide.
Britain's National Health Service, US package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany's Deutsche Bahn rail network were among those hit.