Monero Cryptominers Exploit Windows 7 EternalBlue Vulnerability

Michael LaVere
  • Security researchers at Guardicore Labs outlined a crypto mining attack exploiting a significant Windows 7 vulnerability.
  • Monero cryptominers were able to infect a network using the EternalBlue WAV audio file vector.

Researchers at security firm Guardicore Labs have discovered a significant crypto exploit using outdated Windows 7 audio file technology.

According to the initial report by Guardicore, security researchers Ophir Harpaz and Daniel Goldberg revealed how a medical technology business was attacked by Monero cryptominers using a WAV audio file to hide the malware. Attackers were able to exploit the EternalBlue vulnerability in the Windows 7 operated network. 

The report states, 

The victim network was infected with a well-obfuscated malware, hiding a Monero cryptominer inside WAV files. The attacker attempted to propagate within the organization by infecting machines running Windows 7 – an operating system soon becoming End-of-Life – and exploiting the infamous EternalBlue vulnerability.

In an interview with Forbes, researcher Daniel Goldberg called the security risk for Windows 7 users “crazy high.”

He said, 

The risks are crazy high to organizations facing this WAV-based attack if they are running a Windows 7 system after EoL, before the quarter is over, there will be other vulnerabilities discovered in Windows 7 too that will not be fixed by Microsoft and will also be easy to exploit.

Goldberg recommended updating all software still running Microsoft 7 or isolating machines that cannot be upgraded from the rest of the network. 

Featured Image Credit: Photo via Pixabay.com