The NSA-enabled Windows loophole used in WannaCry previously made computers mine Monero (XMR) in a separate attack.
According to research reported by Ars Technica, hackers were able to exploit the vulnerability in unpatched Windows operating systems for financial gain as early as April 24.
Using mining software called Adylkuzz, the same weaknesses meant attackers were “surprisingly effective at compromising Internet-connected computers,” according to Proofpoint researcher Kafeine.
Not only that, but WannaCry may have in fact slowed down due to the pre-existing exploit.
Kafeine wrote in a Proofpoint blog post:
“Initial statistics suggest that this attack may be larger in scale than WannaCry, affecting hundreds of thousands of PCs and servers worldwide.”
“...Because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry worm) via that same vulnerability, it may have in fact limited the spread of last week’s WannaCry infection.”
The effects of WannaCry are still ongoing as ransom money slowly trickles through to perpetrators.
The post confirms that otal yield from the Adylkuzz scheme appears to be around $43,000 distributed among three XMR wallets.
“Two major campaigns have now employed the attack tools and vulnerability. We expect others will follow and recommend that organizations and individuals patch their machines as soon as possible.”