Recommended NZ | Guide to Money | Gimme: Competitions - Giveaways

Adylkuzz Crytocurrency miner Is not the next WannaCry

Fuseworks Media
Fuseworks Media

There have been reports of another threat, known as Adylkuzz, leveraging MS17-010 to propagate to vulnerable machines. MS17-010 is the same vulnerability used by WannaCry to propagate across networks however this is where the similarity with Adylkuzz ends.

Symantec customers using IPS have been proactively protected against attempts to exploit MS17-010.

Cryptocurrency mining

The main purpose of Adylkuzz is to mine Monero, a crytocurrency similar to Bitcoin. Adylkuzz installs a known cryptocurrency miner called cpuminer on compromised machines. Adylkuzz performs its mining operations in the background therefore infected users are unlikely to notice its presence. However, mining operations are CPU intensive so having a miner running on your machine could lead to performance issues.

While a nuisance, Adylkuzz does not have the same impact on compromised machines as ransomware threats which could lead to data loss and wide scale disruption.


Adylkuzz leverages MS17-010, also known as EternalBlue to compromise machines. Adylkuzz attackers scan the internet for vulnerable machines to install their malware. Unlike WannaCry, Adylkuzz does not have the ability to self-propagate. It was WannaCry’s ability to self-replicate that allowed it to spread very quickly within organisations.

Low prevalence

Due to the effectiveness of IPS in proactively blocking infections, Symantec is observing low infections of Adylkuzz. Symantec has blocked over 44 million attempts to exploit MS17-10 and observed fewer than 200 machines with Adylkuzz infections.

All articles and comments on have been submitted by our community of users. Please notify us through our contact form if you believe an item on this site breaches our community guidelines.