An aptly named piece of malware has been discovered that can wreak havoc on web servers, removable storage devices and network drives. BlackSquid has a number of arms that facilitate its nefarious activity, the ultimate aim of which is to mine Monero on the target machines. It attacks by exploiting unpatched security flaws on the target devices. To date, most of the compromises have occurred in the US and Thailand.

"BlackSquid has eight components and utilizes anti-virtualization, anti-debugging, and anti-sandboxing methods to determine whether to continue with installation or not," according to a report by Trend Micro. It also includes "wormlike behavior for lateral propagation," as well as several known exploits such as DoublePulsar, EternalBlue, three ThinkPHP exploits and four different CVE exploits.

That's not all, though: Trend Micro believes that BlackSquid may only be a prelude to something more dastardly. The company explains, "… cybercriminals may be testing the viability of the techniques used in this malware's routine for further development. The sample we acquired downloads and installs an XMRig Monero cryptocurrency miner as the final payload. But BlackSquid may be used with other payloads in the future."

BlackSquid attacks a target through one of three entry points: an infected webpage, infected removable or network drives, or an infected web server. It can immediately cancel the infection routine in order to avoid being detected. Trend Micro further explains, "Given its evasion techniques and the attacks it is capable of, BlackSquid is a sophisticated piece of malware that may cause significant damage to the systems it infects. If successful, this malware may enable an attacker to escalate unauthorized access and privileges, steal proprietary information, render hardware and software useless, or launch attacks on an organization (or even from an organization into another)."

Adding to the assertion that the code may still be in development, the analysts reveal poor coding and skipped routines that could indicate more work on the malware is coming. The malware developers could simply be studying how to make their attacks more profitable and determining which targets to hit first.

The malware goes after known exploits, holes in code that were identified years ago. Patches have already been issued for these holes, and IT professionals who don't properly maintain their systems are prolonging the spread of hackers' capabilities by not taking the necessary precautions. Trend Micro recommends that all systems be updated appropriately and that enterprises enable a "multilayered protection system" to block threats and malicious web links.