It is now more than two years since the world was introduced to EternalBlue, a Microsoft Windows exploit thought to have been developed by the National Security Agency (NSA) and subsequently leaked. That initial introduction was by way of the WannaCry ransomware attack that spread rapidly across the globe. Unfortunately, it would appear that EternalBlue-exploiting malware is still alive today and kicking hard.

What is the worm infecting Windows machines?

A botnet known as Smominru has been active since 2017, targeting Windows machines using a combination of an EternalBlue exploit worm and brute-force attacks. The Threat Analysis Unit (TAU) at Carbon Black published a threat intelligence notification regarding Smominru on August 12. It reported how the campaign, which is primarily focused on cryptomining, had evolved to include multiple new attack techniques: LOLBins (used to such devastating effect by the recent Windows Nodersok attack), modified malware and credential theft. Smominru also deploys a variety of other payloads and backdoors, making it a highly dangerous threat to your network.