Though not directly descended from WannaMine, which leverages NSA-attributed exploits, EternalMiner leverages similar vulnerabilities in Linux and Unix servers running Samba, which had a long-disclosed Server Message Block (SMB) vulnerability.
EternalMiner exploits unpatched servers running versions of Samba vulnerable to remote code execution (CVE-2017-7494) using the SambaCry or EternalRed exploit.
Once a server is exploited, attackers execute two payloads against the compromised Samba server:
- A reverse shell that allows for remote control and code execution
- A CPUminer to mine the Monero cryptocurrency with the victim’s system
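
A defender-side triage for the CVE named above, as an added example that is not part of the original page: it classifies a host from its `smbd --version` banner and smb.conf text, using the upstream fixed releases (4.6.4, 4.5.10, 4.4.14) and the `nt pipe support = no` workaround from the Samba advisory. The function names and sample config are constructed for illustration; a distro package that backports the fix without changing the version number will still be flagged.

```python
import re

# Upstream fixed releases for CVE-2017-7494, per maintained branch.
FIXED = {(4, 6): 4, (4, 5): 10, (4, 4): 14}
FIRST_VULNERABLE = (3, 5, 0)

def parse_version(banner):
    """Extract (major, minor, patch) from `smbd --version` output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version in {banner!r}")
    return tuple(int(x) for x in m.groups())

def version_vulnerable(version):
    """Compare against upstream releases only; distro backports are not visible here."""
    if version < FIRST_VULNERABLE:
        return False
    branch = version[:2]
    if branch in FIXED:
        return version[2] < FIXED[branch]
    # Branches before 4.4 got no fixed upstream release; 4.7+ shipped with the fix.
    return branch < (4, 4)

def nt_pipe_support_disabled(smb_conf):
    """True if [global] ends up with `nt pipe support` off (the advisory workaround)."""
    section, disabled = None, False
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = (p.strip().lower() for p in line.split("=", 1))
            if " ".join(key.split()) == "nt pipe support":
                disabled = value in ("no", "false", "0", "off")  # last setting wins
    return disabled

def triage(banner, smb_conf):
    """Classify one host from its smbd banner and smb.conf text."""
    if not version_vulnerable(parse_version(banner)):
        return "fixed-upstream"
    return "mitigated" if nt_pipe_support_disabled(smb_conf) else "exposed"

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = "[global]\n  workgroup = LAB\n  nt pipe support = no\n[share]\n  path = /srv/share\n"

if __name__ == "__main__":
    print(triage("Version 4.5.9", SAMPLE_CONF))   # old version, workaround set
    print(triage("Version 4.5.9", "[global]\n"))  # old version, no workaround
```

The parser does not follow `include` directives in smb.conf, so a workaround set in an included file is not seen.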
Products sold by OpenVault are for entertainment and educational purposes only. Customers are purchasing a physical copy of digital artwork (Software box).