The security company Symantec has reported a new piece of malware, Beapy, which falls into the cryptojacking category and is used to mine Monero, a coin the hackers probably chose for its anonymity.
Beapy was discovered by Symantec last April 1st and has been identified as Windows malware. Beapy mainly targets companies and uses the EternalBlue exploit, which, according to many people, was developed by the American NSA as a means of stealing credentials and quickly spreading throughout the company network.
The malware, sent via an Excel attachment, downloads the DoublePulsar backdoor to the victim’s computer, allowing remote commands to be executed. In addition, exploiting the vulnerability in the Windows SMB protocol allows it to spread throughout the affected network.
With the above command, the computer contacts the Beapy C&C server, where other commands leading to the download of the Monero coinminer are executed and the whole process is repeated on all computers in the network.
According to data gathered from the malware’s behaviour, Beapy mainly affected Asian regions such as China (80%), Japan (4%), South Korea (3%) and Hong Kong (2%).