WannaCry was last week’s threat – now Adylkuzz is coming for your computer.
The Australian Government today issued a high priority alert warning users to be aware of new malware targetting the same vulnerabilities in Microsoft Windows.
Althought the statement does not name the threat, it is believed to be software known as Adylkuzz.
Uncovered by cybersecurity firm Proofpoint, the Adylkuzz attack behaves similarly to last week’s WannaCry by exploiting the vulnerability of devices that are running unpatched versions of Windows. WannaCry infected an estimated 200,000 computers in 150 countries.
However, unlike WannaCry and other ransomware, it does not demand payment from its victims, does not encrypt or destroy information on devices, and does not make its presence obvious.
Proofpoint Senior Vice President Ryan Kalember said the malware is deliberately stealthy. “Users will only notice their Windows machine is running slowly and that they don’t have access to shared Windows resources.”
Adylkuzz has been infecting devices since May 2, with Proofpoint stating that it may have been active since as early as April 24.
The software works by using a network of computers to create a ‘mine’ for the digital currency Monero, similar to Bitcoin. The hackers are rewarded with Monero as the infected computers solve increasingly complicated mathematical equations, known as ‘hashes’.
Kalember said the malware is more profitable for hackers than WannaCry.
“While an individual laptop may generate only a few dollars per week, collectively the network of compromised computers appears to be generating five-figure payouts daily,” he said.
Adylkuzz takes advantage of its low-lying visibility by consuming resources from the device, such as using CPU cycles and electricity, according to reports.
However, there are fears it could turn malicious by compromising the safety of devices in the future.
Security company Symantec doubts Adylkuzz is the next WannaCry, stating that "while a nuisance, Adylkuzz does not have the same impact on compromised computers as ransomware threats which could lead to data loss and wide-scale disruption."
The statement from the government’s Stay Smart Online initiative stated “businesses, households and individuals that have not already taken steps to protect their computers, networks and devices are urgently recommended to do so.”
The alert was issued much more promptly than the government’s WannaCry warning. Gai Brodtmann MP, Shadow Assistant Minister for Cybersecurity, said it took four days for the government to notify Australians about that threat.
For those who fear their devices may have already been attacked by Adylkuzz, virus-detecting software can be run. However, this is not a foolproof detection method as the malware may have the ability to mask itself as a genuine mining application.
The government urges those who have been affected by Adylkuzz to report the incident to the Australian Cybercrime Online Reporting Network (ACORN) and to visit the Australian Cyber Security Centre’s news page for updates.
