The Adylkuzz cryptojacking virus

by Altospam

Adylkuzz, a powerful cryptojacking virus

Computer attacks are claiming ever more victims, and the systems they hit suffer malfunctions and hacking. One cryptojacking virus takes on computer systems head-on: Adylkuzz, an independent strain that is stronger and more discreet than WannaCry.

Adylkuzz is cryptomining malware that appeared in May 2017, its arrival coinciding with that of WannaCry, the ransomware that generated as much media attention as user anguish, much like a deadly epidemic. Adylkuzz exploited a security flaw to attack all versions of the Microsoft Windows OS.

What is Adylkuzz looking for?

This malware surpasses the ingenuity of ransomware, even exceeding the power of WannaCry. In reality, Adylkuzz is not interested in your personal data and details. Its authors have greater and more serious ambitions: to fuel their cryptomining operation through infected computers, taking advantage of the “illegal” exploitation of their resources.

It’s no longer just a question of holding data hostage, but of more pernicious objectives. You may be wondering what lies behind this need for resources. The business of cryptocurrency mining (cryptocurrency being the electronic currency used in digital exchanges to ensure secure encryption of transactions) requires huge financial investment to mine currencies such as Bitcoin, Litecoin, Monero or Ethereum.

So, to get around the costs, the Adylkuzz authors came up with an effective and free solution: create loyal agents all over the world, PCs that carry out all the required work remotely and free of charge. They get the computing power they want without any financial investment. The network of computers (botnet) used is made up of tens of thousands of compromised workstations, generating profits of tens of thousands of euros a day.

Adylkuzz was well aware that it wasn’t the only one in the field with ambitions for the top spot; it wanted to be in the vanguard, at the forefront. It therefore used the MS17-010 vulnerability to paralyze its competitors. This gives it a kind of protection against other malware strains that exploit the same security flaw.

A closer look at how it works

We’ve just explained how this malware takes advantage of the resources of infected computers. To achieve this, Adylkuzz developed a “smarter” approach than WannaCry, which enabled it to discreetly extend its stay on the “victim PC” by running in the background without the user noticing. Users will only notice a slowdown of their system, without suspecting or detecting the malware. The authors of this malware control infected machines via command servers to mine the Monero cryptocurrency.

These authors can also run applications on the infected computer using scripts written in Lua, a free, open-source language that is extremely powerful and fast, can be embedded into all types of applications, and whose sources may be modified.

The strength and seriousness of Adylkuzz lies in the fact that it does not rely on any distribution vector such as phishing e-mails. It is completely autonomous and requires no user interaction.
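The behaviour described above (a process that runs in the background for a long time, consumes CPU without showing the user anything, and talks to a command or mining server) is what a defender can look for on a host. The following is an added example of that triage logic and is not code from the original post or from Altospam; the telemetry schema, the list of mining-pool ports and the thresholds are assumptions chosen for illustration, and the host samples are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessSample:
    """One process as observed over a monitoring window (hypothetical schema)."""
    name: str
    avg_cpu_pct: float          # mean CPU use over the observation window
    window_minutes: int         # how long the process has been observed running
    has_visible_window: bool    # whether the user can see a window for it
    remote_ports: tuple         # destination ports of its outbound connections


# Ports commonly used by mining pools; an assumption for illustration, not from the post.
MINING_POOL_PORTS = frozenset({3333, 4444, 5555, 7777, 14444})

# Tunable thresholds (assumptions): what counts as "sustained" heavy CPU use.
CPU_THRESHOLD_PCT = 70.0
MIN_WINDOW_MINUTES = 30


def mining_indicators(p: ProcessSample) -> list:
    """Return the list of cryptomining indicators a single process exhibits."""
    reasons = []
    heavy = p.avg_cpu_pct >= CPU_THRESHOLD_PCT
    if heavy and p.window_minutes >= MIN_WINDOW_MINUTES:
        reasons.append("sustained high CPU")
    if heavy and not p.has_visible_window:
        reasons.append("heavy CPU use with no visible window")
    if MINING_POOL_PORTS & set(p.remote_ports):
        reasons.append("outbound connection to a mining-pool port")
    return reasons


def triage(samples) -> dict:
    """Map process name -> indicators for processes showing at least two indicators.

    A single indicator (e.g. a video render pegging the CPU) is not enough on its
    own; the combination of background execution, duration and network behaviour
    is what makes a process look like a background miner.
    """
    flagged = {}
    for p in samples:
        reasons = mining_indicators(p)
        if len(reasons) >= 2:
            flagged[p.name] = reasons
    return flagged


# Constructed host snapshot: one idle shell, one legitimate heavy job, one
# background process with a made-up name behaving like a miner.
SAMPLE_HOST = (
    ProcessSample("explorer.exe", 2.0, 240, True, (443,)),
    ProcessSample("video_render.exe", 95.0, 45, True, ()),
    ProcessSample("svc_update.exe", 92.0, 180, False, (3333, 443)),
)


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_HOST).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run as a script it reports only the constructed `svc_update.exe` process; the legitimate render job trips one indicator but is not flagged, which is the point of requiring a combination rather than CPU use alone.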

Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …