It’s another day in the world of cryptocurrencies, and there is one more piece of crypto malware to deal with. We are talking about the newly discovered cryptojacking malware BlackSquid. This malware uses web server exploits and brute-force attacks to hit network drives, removable drives, etc. Apparently, it uses eight exploits to infect a system. After accessing a system, it downloads and installs the XMRig Monero mining software.

The exploits it uses include notorious names such as DoublePulsar and EternalBlue, three ThinkPHP exploits, and exploits for CVE-2014-6287, CVE-2017-12615, and CVE-2017-8464. Cybersecurity firm Trend Micro reported on BlackSquid. The security firm mentions that this crypto malware can cancel a payload if it detects that it is running in a sandbox environment. The report says that this malware has a strong presence in the US and in Thailand.

Crypto malware will always remain a major issue to deal with. Users have to be aware of the exploits and malware. Yesterday we mentioned the Nanshou Campaign malware, which has hit over 50,000 servers from various sectors.