Another major global cyberattack is underway, and it could be even bigger than last weekend's WannaCry ransomware attack.

Key points:

Adylkuzz has probably been running in infected machines since the vulnerability was leaked

It does not hold data to ransom, rather runs a program in the background for monetary gain

Most machines hit had not been updated and would have been safe if they had

Independent cybersecurity researcher Troy Hunt said the so-called Adylkuzz attack appears to be exploiting the same vulnerabilities the WannaCry ransomware attack did.

Mr Hunt told The World Today it appeared Adylkuzz actually began to exploit computers when the vulnerability was announced almost one month ago.

And while WannaCry was busy making "such a big noise" and was easily observable by everyone, Adylkuzz was working away quietly in the background.

There are some fundamental differences between WannaCry and Adylkuzz.

On paper, WannaCry was more damaging in a traditional sense, by threatening the loss of a victim's data.

It encrypted files on the machine and then, when the user next tried to log in, a window popped up demanding a ransom of a certain amount in a form of cryptocurrency.

"This latest variant [Adylkuzz] appears to be a lot more stealthy, insofar as it's not destroying assets that you have in your machine," Mr Hunt said.

"Rather it's using the machine to mine crypto keys to turn it into something with monetary value."

What that means is the malware consumes resources on the machine, such as CPU cycles.

So whoever is behind the attack creates an army of machines, each one running a program in the background that links up with other infected machines, and together they create small amounts of cryptocurrency.

These programs mostly go unnoticed by the computer's owner.

"It's certainly not as obvious as when you get a warning popping up on your screens saying, 'Hey, your [data] has just been encrypted'," Mr Hunt said.

And while the effect might not be as obvious at the start, Mr Hunt warned that it could easily expand into something "a whole lot more malicious".

"These malicious programs are controlled by these commanding control servers, that manage bot-nets around the world," Mr Hunt said.

The infected machines are then standing ready to do the attackers' bidding.

Mr Hunt said the concern was that while mining cryptocurrency was one thing, it could then expand further into something far worse.

Are the same people behind both attacks?

Mr Hunt said at this time it was hard to tell exactly who was behind the Adylkuzz attack.

But he said there was speculation WannaCry was related to North Korea, due to the software's behavioural characteristics sharing similarities with the Sony attack in 2014, which was attributed to the DPRK.

The underlying vulnerability was disclosed publicly a month ago, which Mr Hunt said meant anyone could have picked it up and "left it open."

"This was something that the NSA knew, some people stole the tools from the NSA and then leaked it publicly," he said.

"So, the vulnerability itself is really broadly known."

How safe are you?

It was important to keep in mind, Mr Hunt said, that the vulnerability the two malware variants exploited had been fixed for the past two months.

So why are people still being attacked?

"The vulnerability we really have is people not keeping their systems up to date," Mr Hunt said.

Keeping up to date with patches through updates is essential to protecting a machine from being attacked.

Last week, the National Health Service in the UK was hit heavily by the WannaCry attack simply because it had not been patching its machines.

But it is not just big organisations that are in danger if they don't update regularly.

"Individuals like you [and] me … who do things like [turn off updates] with their Windows machine … if you do that, you don't get the protection," he said.

"So that's sort of the big lesson we're getting out of this: we're as vulnerable as our practice as users.

"If you use the technology just straight out of the box the way it's designed to be used, you wouldn't have had problems with this incident."