Even as the world is still recovering from the after-effects of the massive spread of WannaCry ransomware, a new threat is looming over the cyber world. A new malware called ‘EternalRocks’ has been discovered and is believed to be more dangerous than WannaCry, which affected more than 300,000 devices across 150 nations.
EternalRocks is essentially a combination of seven exploits stolen from the US National Security Agency (NSA). Detected by a Croatian tech security advisor, the malware operates much like WannaCry. It leverages the NSA’s network exploits called EternalBlue, EternalChampion, EternalRomance, and EternalSynergy. Miroslav Stampar, the Croatian security expert for the country’s Computer Emergency Response Team (CERT), claims the malware also relies on the DoublePulsar, Architouch and SMBtouch tools, which were apparently used by the NSA for its own snooping purposes, as exposed by the hacking group ShadowBrokers.
The security expert also elaborated on how the malware works. According to his study posted online, the malware is downloaded in two separate stages. The second stage is activated after 24 hours, a delay that allows it to avoid detection by the user or anyone else. The malware seems aimed at compromising a device anonymously, but it could be activated whenever its source wants. You can check out Stampar’s breakdown of EternalRocks here.
“After about six to eight hours of analysis, I found how to provoke the second stage,” RT.com quotes Stampar as saying. “I got kind of excited and scared as somebody had successfully, and professionally, packed all SMB exploits from ShadowBroker’s dump. I predicted that something bigger than WannaCry is coming.”
At the moment there are no reports of devices being affected by EternalRocks, but it should not be underestimated nonetheless. Stampar’s discovery also shows the severe impact of the WannaCry ransomware. Microsoft has urged everyone to update to newer Windows versions in order to avoid such cyber attacks.
After WannaCry ransomware was exposed, a number of new malware strains, perhaps equally dangerous, were discovered online. The security firm Proofpoint discovered large-scale attacks being conducted using the EternalBlue and DoublePulsar exploits to install the cryptocurrency miner Adylkuzz.
Security experts from China, one of the nations worst hit by WannaCry ransomware, issued a warning against a dangerous new malware called UIWIX, which was targeting Windows-based devices. “UIWIX ransomware is picking up where the first WannaCry wave left off, without a kill switch domain and the same self-replicating abilities that enable it to spread fast,” a Danish security firm said.