Though not directly descended from WannaMine, which leverages NSA-attributed exploits, EternalMiner targets similar vulnerabilities in Linux and Unix servers running Samba, which had a long-disclosed Server Message Block (SMB) vulnerability.

EternalMiner exploits unpatched servers running versions of Samba vulnerable to remote code execution (CVE-2017-7494) using the SambaCry or EternalRed exploit.

Once exploited, attackers execute two payloads against the compromised Samba server:

A reverse shell that allows for remote control and code execution

A CPUminer to mine the Monero cryptocurrency with the victim’s system

Products sold by OpenVault are for entertainment and educational purposes only. Customers are purchasing a physical copy of digital artwork (Software box).
