Blog | G5 Cyber Security

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Researchers have spotted a new cyberattack believed to be the first, albeit amateur, attempt to weaponize the infamous BlueKeep vulnerability in the wild, mass-compromising vulnerable systems for cryptocurrency mining. The exploit carries encoded PowerShell commands as its initial payload, which download the final malicious executable from a remote attacker-controlled server and execute it on the targeted systems. The binary is cryptocurrency malware that mines Monero (XMR), using the computing power of infected systems to generate revenue for the attackers.

Source: https://thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html
