A new form of malware which uses the NSA’s leaked hacking tools has been discovered. This malware is called EternalRocks and uses seven exploits leaked in April by the Shadow Brokers.
The Shadow Brokers obtained the exploits after they reportedly hacked the NSA, and their posting led to the creation of the WannaCry ransomware.
While EternalRocks uses seven of the leaked exploits, WannaCry only used two.
Miroslav Stampar, a cybersecurity expert for Croatia’s Government CERT, discovered EternalRocks last week and tracked the first attacks to 3 May, stated the report.
EternalRocks uses the following NSA tools leaked by the Shadow Brokers:
“The majority of the tools exploit vulnerabilities with standard file sharing technology used by PCs called Microsoft Windows Server Message Block, which is how WannaCry spread so quickly,” stated by security Experts. Microsoft patched the vulnerabilities in March, but many PCs remain at risk due to users not updating their OS.
Where EternalRocks differs from WannaCry is that it has not alerted victims to a ransomware infection – it remains hidden, downloads Tor, and sends a signal to the worm’s servers.
From there, the server responds and starts downloading and self-replicating.
The report warned that EternalRocks can be “activated at any time”, and what its ultimate attack will be is not known at this stage.