The BlueKeep bug allows hackers to install cryptocurrency-mining malware on vulnerable systems. Microsoft has urged users to install the patch. The patch is available for unsupported versions of Windows, including XP.
More than 70,000 systems are still vulnerable to attacks. The BlueKeep exploit was spotted by security researcher Kevin Beaumont, who has been running a worldwide honeypot network, named BluePot, in an effort to catch exploitation attempts.
The first attack came from a “low-level actor” who scanned vulnerable devices and then installed a Monero cryptocurrency miner on them. As of now, no signs of data stealing, wipeout, or “wormable” action have been reported.
Security researcher Marcus Hutchins also tweeted that “it looks like a BlueKeep worm has finally arrived.” He added that after some investigation, he found BlueKeep artifacts in memory and shellcode to drop a Monero miner.
It looks like a #BlueKeep worm has finally arrived! Kevin kindly sent me a crash dump and after some investigation I found BlueKeep artifacts in memory and shellcode to drop a Monero Miner. https://t.co/7G88YAW5lr
— MalwareTech (@MalwareTechBlog) November 2, 2019
Kevin Beaumont in a blog post wrote that so far the content being delivered with BlueKeep appears to be frankly a bit lame — coin miners aren’t exactly a significant threat — however, it is clear people now understand how to execute attacks on random targets, and they are starting to do it.