Information security company Trend Micro said it had found a new family of malware, nicknamed BlackSquid by its researchers. It infects web servers, network drives and removable drives, installing mining software by way of many different exploits.
BlackSquid is particularly dangerous for several reasons. It uses anti-virtualization, anti-debugging and anti-sandbox methods to decide whether or not to continue with the installation. It takes advantage of worming techniques for lateral propagation and uses some of the best-known exploits in circulation today, such as EternalBlue and DoublePulsar, along with exploits for CVE-2014-6287, CVE-2017-12615 and CVE-2017-8464, and three ThinkPHP exploits covering multiple versions.
BlackSquid stops executing if the victim's username is on its list of known sandbox usernames, or if the disk drive matches one used by a sandbox.