Researchers from security firm CrowdStrike spotted a new Monero crypto-mining worm that spreads leveraging the NSA-linked EternalBlue exploit. WannaMine was developed to mine the Monero cryptocurrency abusing victims resources. According to security researchers at CrowdStrike, the malicious code is very sophisticated, it implements a spreading mechanism and persistence model similar to those used by state-sponsored APT groups. The malicious code implements so-called living off the land techniques to gain persistence on the infected system leveraging Windows Management Instrumentation (WMI)”]
Source: https://securityaffairs.co/wordpress/68518/malware/wannamine-nsa-eternalblue.html