Back in May 2019, Microsoft revealed details about a severe hackable flaw that exists in the Remote Desktop Protocol (RDP) in Windows OS. The BlueKeep bug can enable an automated worm to spread malware and an estimated 1 million devices are vulnerable to this flaw.
It seemed like a matter of time before someone unleashed a global attack and as predicted, BlueKeep has finally struck. However, it isn’t as severe as feared.
The first instance of the BlueKeep exploit was spotted by security researcher Kevin Beaumont. He detected the BlueKeep attack via Honeypots — a decoy computer system for detecting hacking campaigns.
The initial attack came from a “low-level actor” who appeared to have scanned the internet and infected vulnerable systems with a cryptocurrency miner. So far, there have been no signs of data-stealing or wipeout, no automatic spreading or signs of ‘wormable’ action.
The same has been confirmed by other security researchers such as Jake Williams and Marcus Hutchins (also known as ‘MalwareTech’ on Twitter) who hit a kill switch that stopped WannaCry.
It looks like a #BlueKeep worm has finally arrived! Kevin kindly sent me a crash dump and after some investigation I found BlueKeep artifacts in memory and shellcode to drop a Monero Miner. https://t.co/7G88YAW5lr
— MalwareTech (@MalwareTechBlog) first windows bluekeep attacks spotted installing cryptocurrency miners
