Dubbed Beapy, the campaign aims to drop a file-based coinminer onto compromised machines, to hijack their computing power for the attackers’ benefit. First observed in January 2019, the activity has been increasing since March, the security firm says.
Written in Python, the coinminer uses email as an initial infection vector, but also leverages the EternalBlue exploit and stolen and hardcoded credentials to spread to other machines in the compromised environment. This wormlike behavior suggests that the malware was probably always intended to target enterprises.
Beapy is mostly focused on enterprises in Asia, with over 80% of its victims located in China. Others are located in South Korea, Japan, Hong Kong, Taiwan, the United States, the Philippines, Vietnam, and elsewhere.