A new malware variant reads like the greatest hits of cyberthreats: a cryptojacker using an NSA exploit to scan for IoT devices with hardcoded passwords to spread and distribute the miner. And according to experts, there's blame to be had on all sides.

Researchers at Fortinet's FortiGuard Labs have been tracking Python-based malware that uses the EternalRomance National Security Agency (NSA) exploit to spread and install a cryptominer -- hence, PyRoMine. And, now, the researchers found a variant that directly targets IoT devices, which they call PyRoMineIoT.

Jasper Manuel, a malware researcher at Fortinet, based in Sunnyvale, Calif., wrote in a blog post that PyRoMine and PyRoMineIoT malware don't need Python to be installed on the target systems, and PyRoMineIoT uses the EternalRomance NSA exploit to scan for IoT devices that are vulnerable due to using hardcoded passwords. Once PyRoMineIoT infects a device, the malware downloads components, including a Monero cryptominer.

"This development confirms yet again that malware authors are very interested in cryptocurrency mining, as well as in capturing a chunk of the IoT threat ecosystem," Manuel wrote. "We predict that this trend will not fade away soon, but will continue as long as there are opportunities for the bad guys to easily earn money by targeting vulnerable machines and devices."

Sean Newman, director of product management for Corero Network Security, based in Marlborough, Mass., said enterprises may not need to worry about cryptojackers specifically, because "they have their own specific mission, which has nothing to do with any data or information within an organization which ends up hosting them."

"But there is the obvious performance impact for any device which does get compromised for this purpose, which could negatively impact the function of IoT devices, for example," Newman wrote via email. "However, enterprises should really be asking themselves the [following] question: If a hacker can plant malware within my organization to mine cryptocurrency, what other malware can they, or another cybercriminal, plant just as easily?"

Justin Jett, director of audit and compliance for Plixer, based in Kennebunk, Maine, said regardless of the size of the enterprise, "organizations should be concerned with cryptominers."

"These malicious applications steal valuable resources that are critical to business applications. When allowed to go unabated, vital business applications are unable to perform as required. This means that organizations are losing not only resources, but time and money," Jett wrote via email. "Every company should use network traffic analytics to see where these cryptominers are spreading. Specifically, in the case of PyRoMineIoT, the malware is actively scanning for IoT devices on the network. Network traffic analytics makes quick work of such security vulnerabilities and can help IT professionals quickly see where the malware has compromised them."