Cryptocurrency
The hackers are using the Trojan to mine for the cryptocurrency Monero iStock

Hackers are reportedly using the NSA's leaked DoublePulsar malware to infect vulnerable Windows PCs with a new cryptocurrency miner identified as "Trojan.BtcMine.1259". The Trojan reportedly leverages DoublePulsar, an NSA hacking tool leaked by the Shadow Brokers, to infect systems running unsecured SMB protocols.

DoublePulsar was at the heart of the WannaCry attacks and was used by hackers to spread the self-propagating ransomware last month. Security experts estimated that hackers used the NSA malware, which essentially functions as a backdoor, providing access to vulnerable Windows systems, to infect nearly 100,000 Windows PCs.

BleepingComputer reports that the hackers behind the latest attacks are using DoublePulsar to download a malware loader onto victims' systems, which scans computers for minimal kernel threads. In the event that a PC satisfies the parameters required, the malware loader downloads the cryptocurrency Trojan.

Security experts reportedly believe that the cryptocurrency miner is a mix of malware variants. For instance, the Trojan uses parts of the Ghost RAT (Remote Access Trojan) to communicate with its C&C (command and control) server and also to hide its activities when victims launch the Task Manager Windows utility.

Trojan mining Monero

The hackers are using the Trojan to mine for the cryptocurrency Monero, which has recently been increasingly replacing Bitcoin as the primary form of currency used by numerous cryptocurrency miners.

Following the WannaCry attacks, security researchers found that DoublePulsar, along with another leaked NSA malware called EternalBlue, was being used in "large-scale attacks" that infected systems with a Monero mining strain called "Adylkuzz".

The leaked NSA malware strains target PCs running older Windows versions. Microsoft recently announced that it would disable all SMB1 portals to ensure that such attacks are thwarted. Post WannaCry, security experts have advised people to update their Windows systems to the latest versions to remain safe from such attacks.