Unknown attackers are using a recently patched vulnerability in Samba to spread a resource-intensive cryptocurrency mining utility.

To date, the operation has netted the attackers just under $6,000 USD, but the number of compromised computers is growing, meaning that a significant number of Samba deployments on *NIX servers remain unpatched. The attack also demonstrates that the vulnerability in Samba can extend EternalBlue-like attacks into Linux and UNIX environments. Samba is a software package that runs on Linux and UNIX servers and sets up file and print services over the SMB networking protocol.