A notorious computer exploit allegedly leaked from the US National Security Agency (NSA) is being used to boost the spread of a new cryptocurrency-generating malware dubbed "CoinMiner", according to experts at Japanese security firm Trend Micro.
The threat exploits a component in PCs known as "Windows Management Instrumentation" (WMI) and enters computers with an alleged NSA tool called EternalBlue – previously used by hackers to help spread the "WannaCry" ransomware across the world earlier this year.
The ultimate aim of the so-called "fileless malware" is to enslave a victim's machine and use its computing power to generate bitcoin, a form of digital cash.
The hackers' servers are still being updated, meaning the attack remains active at the time of writing.
To date, the campaign has been observed in countries including Japan, Indonesia, Taiwan, Thailand and India.
"The combination of fileless WMI scripts and EternalBlue makes this threat extremely stealthy and persistent," wrote Trend Micro researcher Buddy Tancio in a blog post this week (21 August).