- The Tencent Security Threat Intelligence Center found that ThanatosMiner exploits the BlueKeep vulnerability (CVE-2019-0708) to spread.
- Microsoft released a patch for the BlueKeep vulnerability (CVE-2019-0708) on 15th May 2019.
- All security vendors treat this security update as critical because of the vulnerability's severity.
The Tencent Security Threat Intelligence Center found that ThanatosMiner (also known as Death Miner) exploits the BlueKeep vulnerability, CVE-2019-0708, to spread. The attacker packaged the public Python version of the BlueKeep exploit code into scan.exe, then used it to scan large numbers of randomly generated IP addresses, detecting vulnerable hosts and attacking them.
Microsoft released a patch for the BlueKeep vulnerability (CVE-2019-0708) on 15th May 2019. All security vendors treat this security update as critical because of the vulnerability's severity: once attackers trigger it, they can execute arbitrary code without any user interaction; the target only needs to be reachable over the network. The mining trojan can therefore reach affected computers and use them to mine cryptocurrency.
However, this vulnerability affects only older versions of Windows: Windows 7, Windows Server 2008 R2, Windows 2003, and Windows XP. Windows 8, Windows 10 and later versions are not affected.
How ThanatosMiner operates
Tencent's security team is actively intercepting and removing the ThanatosMiner trojan. Tencent security officials strongly recommend that users patch the BlueKeep vulnerability promptly.
Failing to do so leaves the computer exposed to being fully controlled by the attackers once the trojan's scanner finds it. After the exploit succeeds, the attackers simply execute a shellcode that downloads the Trojan svchost.exe, written in C#. Once this is done, they move on to the next step: downloading the Monero mining Trojan and the attack module.
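The dropped Trojan described above masquerades as svchost.exe. As an added example (not code from the article or from Tencent), the following Python check runs over constructed process-creation records and flags any svchost.exe that runs outside the Windows system directories or is not launched by services.exe; the record format and the C:\Windows install path are assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Legitimate svchost.exe lives only in these directories and is started by
# services.exe (a general fact about Windows; assumes SystemRoot is C:\Windows).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
LEGIT_PARENT = "services.exe"

@dataclass
class Finding:
    line_no: int
    image: str
    reasons: list

def parse_event(line):
    """Parse a constructed key="value" process-creation record into a dict."""
    return dict(m.groups() for m in re.finditer(r'(\w+)="([^"]*)"', line))

def check_event(ev):
    """Return the reasons an event looks like a masquerading svchost.exe (empty if clean)."""
    path = PureWindowsPath(ev.get("Image", ""))
    if path.name.lower() != "svchost.exe":
        return []
    reasons = []
    if str(path.parent).lower() not in LEGIT_DIRS:
        reasons.append(f"svchost.exe outside the system directory: {path.parent}")
    parent = PureWindowsPath(ev.get("ParentImage", "")).name.lower()
    if parent != LEGIT_PARENT:
        reasons.append(f"unexpected parent process: {parent or 'unknown'}")
    return reasons

def scan_log(lines):
    """Return one Finding per suspicious record, numbered from 1."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        ev = parse_event(line)
        reasons = check_event(ev)
        if reasons:
            findings.append(Finding(line_no, ev.get("Image", ""), reasons))
    return findings

# Constructed sample records: one benign svchost, one dropped in a user folder
# and launched from cmd.exe, one unrelated process, one in ProgramData.
SAMPLE_LOG = [
    'Image="C:\\Windows\\System32\\svchost.exe" ParentImage="C:\\Windows\\System32\\services.exe"',
    'Image="C:\\Users\\Public\\svchost.exe" ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'Image="C:\\Windows\\System32\\notepad.exe" ParentImage="C:\\Windows\\explorer.exe"',
    'Image="C:\\ProgramData\\svchost.exe" ParentImage="C:\\Windows\\System32\\services.exe"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"record {f.line_no}: {f.image} -> {'; '.join(f.reasons)}")
```

Such a check does not replace patching: it only spots the dropped binary once it runs, whereas the update closes the entry point.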
Available solutions
Security products can improve their threat identification capabilities via the interface provided. Furthermore, the IOCs associated with BlueKeep support identification and detection. Tencent Yuzhi can monitor whether a network is affected by the remote code execution vulnerability. Tencent Royal Point provides an efficient firewall against such vulnerabilities.
This mining Trojan is called ThanatosMiner (Death Miner) because its payload program is named ThanatosCrypt.