Sophos said the rootkit renders filesystem behavior invisible to the computer's end user, and also protects any other file the malware decides to store in its application directory.
Microsoft released the patch in 2017, but EternalBlue remains successful because of the significant number of Microsoft Windows systems around the world that haven't had it installed, putting them at risk of falling victim to this and other malware.
"I'd say the Glupteba attackers are angling to market themselves as a malware-delivery-as-a-service provider to other malware makers who value longevity and stealth over the noisy quick endgame of, for instance, a ransomware payload," said Brandt.
But the way it creates a backdoor into compromised computers, combined with the way in which those behind it look to be attempting to create a large botnet of readily available machines, suggests that the ultimate aim is to lease it out as a means of distributing other forms of malware to victims.
"The creators seem to have spent an unusual amount of effort on reinforcing the bot's stealth capabilities compared to other malware," Andrew Brandt, principal researcher at Sophos, told ZDNet.