NSA 'DoubleStar' Backdoor Blamed for Cryptocurrency Mining Malware

A type of cryptocurrency mining malware has spread due to an exploit developed by the US National Security Agency.

Jun 21, 2017 at 5:30 p.m. UTC
Updated Aug 18, 2021 at 6:22 p.m. UTC

A type of cryptocurrency mining malware has spread due to an exploit developed by the US National Security Agency, cybersecurity researchers say.

According to Dr.Web, a Russian anti-virus vendor, the NSA's "DoublePulsar" backdoor – which was leaked earlier this year by a group called the Shadow Brokers – allows the entry of a Trojan program that installs software to secretly mine the privacy-oriented digital currency monero.

In a 15th June blog post, Dr.Web laid out the nuts and bolts of the malware, noting:

    "This malicious program, designed for mining the Monero (XMR) cryptocurrency, was dubbed Trojan.BtcMine.1259. Trojan.DownLoader24.64313 downloads the miner to a computer. This loader Trojan is distributed via the backdoor DoublePulsar."

It's not immediately clear how many machines have been infected with the malware due to the NSA exploit, and a representative for the company wasn't immediately available to comment when reached.

Wired reported in April that tens of thousands of machines were impacted following the exploit's release.

DoublePulsar has also been identified as a factor in the recent "WannaCry" ransomware attacks, which impacted hundreds of thousands of computers across the globe.
