An updated version of NRSMiner cryptocurrency mining malware has been spotted targeting vulnerable systems. The malware uses the EternalBlue exploit kit for propagation and is actively spreading in Asia.
According to a detailed report from a cybersecurity firm F-Secure, Vietnam is highly affected by the new version of NRSMiner. The latest variant of the malware can propagate into a system in two ways.
The first method includes the download of the updater module onto a system that was earlier infected with a previous version of NRSMiner.
The second method involves the use of unpatched systems. The miner looks out for the systems that are not patched with the security update MS17-010.
The new version of NRSMiner uses the XMRig Monero CPU miner to generate units of the Monero cryptocurrency. Apart for being used for mining currencies, the malware can download updated modules and delete the files and services installed by its previous versions.
Disable SMBv1 to reduce the attack surface. Installing MS17-010 security update is also recommended to address the flaws in SMBv1. Moreover, you can configure your firewall to block the in-and-outbound traffic - of port number 445 - from spreading within the local network.