A new report by Kaspersky provides insight into Plurox, a highly sophisticated piece of malware first discovered in February. Plurox is a modular backdoor that can spread itself laterally across a network and plant additional malware on the machines it infects. Multi-functional "modular" malware is a growing threat to organizations.
Plurox can infiltrate systems by means of various exploits, including EternalBlue, an SMBv1 exploit developed by the National Security Agency (NSA). The exploit was leaked about two years ago by the Shadow Brokers and was subsequently used to infect hundreds of thousands of computers with ransomware during the 2017 WannaCry outbreak. Microsoft patched the underlying SMBv1 flaw in March 2017 (MS17-010), so a host that Plurox can reach this way is one that is still unpatched or still has SMBv1 enabled. The attackers behind Plurox use a command and control (C&C) server to load plugins into the malware that extend its capabilities, such as installing cryptocurrency miners on compromised machines. Crypto miners consume the processing resources of infected devices to mine cryptocurrency for the attackers.
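Worm-style spreading over SMB, whether by EternalBlue or any other SMB exploit, leaves a characteristic trace: one host opens TCP/445 connections to many distinct peers in a short time. The following is an added detection example written for this page; it is not code from Kaspersky or from the Plurox report. The connection-log format (timestamp, source, destination, destination port) and the sample lines are constructed for the example, and the window and threshold values are assumptions to be tuned for a real network.

```python
"""Flag hosts that fan out SMB (TCP/445) connections to many peers in a short
window, a heuristic for worm-style lateral movement such as EternalBlue-based
propagation. Added example; the log format below is constructed for
illustration and is not the format of any particular sensor."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log. Assumed format per line:
#   <ISO-8601 time> <src ip> <dst ip> <dst port>
# 10.0.0.5 sweeps six SMB peers in four seconds (worm-like fan-out).
# 10.0.0.9 talks HTTPS only. 10.0.0.7 touches three SMB peers over 40 minutes,
# which is ordinary file-share use, not a sweep.
SAMPLE_LOG = """\
2019-06-10T09:00:01 10.0.0.5 10.0.0.20 445
2019-06-10T09:00:02 10.0.0.5 10.0.0.21 445
2019-06-10T09:00:02 10.0.0.5 10.0.0.22 445
2019-06-10T09:00:03 10.0.0.5 10.0.0.23 445
2019-06-10T09:00:03 10.0.0.5 10.0.0.24 445
2019-06-10T09:00:04 10.0.0.5 10.0.0.25 445
2019-06-10T09:00:10 10.0.0.9 10.0.0.50 443
2019-06-10T09:00:11 10.0.0.9 10.0.0.51 443
2019-06-10T09:05:00 10.0.0.7 10.0.0.30 445
2019-06-10T09:20:00 10.0.0.7 10.0.0.31 445
2019-06-10T09:40:00 10.0.0.7 10.0.0.32 445
"""


def parse_log(text):
    """Parse the constructed log format into (time, src, dst, dport) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return events


def smb_fanout_alerts(events, window_s=60, threshold=5, port=445):
    """Return {src: peak distinct peers} for every source that reaches
    `threshold` or more distinct destinations on `port` within any sliding
    window of `window_s` seconds. Thresholds are assumed values to tune."""
    window = timedelta(seconds=window_s)
    per_src = defaultdict(list)
    for ts, src, dst, dport in events:
        if dport == port:
            per_src[src].append((ts, dst))

    alerts = {}
    for src, conns in per_src.items():
        conns.sort()  # chronological; sliding window below relies on this
        best = 0
        start = 0
        for end in range(len(conns)):
            # Advance the window start until it spans at most `window`.
            while conns[end][0] - conns[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in conns[start:end + 1]})
            best = max(best, distinct)
        if best >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, peers in smb_fanout_alerts(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {peers} distinct SMB peers inside 60s")
```

Run against the sample, only 10.0.0.5 is reported; 10.0.0.7 is reported too only if the window is widened to an hour and the threshold lowered to three, which shows why the two parameters have to be set against what normal SMB use looks like on the network being monitored. A real deployment would feed this from firewall, NetFlow or EDR connection records rather than a text file.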