Researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz, which uses the hacking tools recently disclosed by the NSA in a stealthier manner and for a different purpose. Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to "mine" a virtual currency called Monero as a background task, and transfer the money created to the authors of the virus. Proofpoint said in a blog that symptoms of the attack include loss of access to shared Windows resources and degradation of  PC and server performance, effects which some users may not notice immediately. Proofpoint said it has detected infected machines that have transferred several thousand dollars worth of Monero to the creators of the virus.

The firm believes Adylkuzz has been on the loose since at least May 2, and perhaps even since April 24, but due to its stealthy nature was not immediately detected.As it is silent and doesn't trouble the user, the Adylkuzz attack is much more profitable for the cyber criminals. It transforms the infected users into unwitting financial supporters of their attackers. According to Proofpoint, the attack is much bigger than WannaCry.

The WannaCry attack has wreaked havoc in computer systems worldwide. Britain's National Health Service, US package delivery giant FedEx, Spanish telecom giant Telefonica, and Germany's Deutsche Bahn rail network were among those hit. A US official on Tuesday put the number of computers infected by WannaCry at over 300,000.WannaCry took control of users' files and demanded 300-600 USD payments to restore access. More attacks could soon be underway as the hacker group The Shadow Brokers that leaked the vulnerabilities used by WannaCry and Adylkuzz has threatened to publish more.

,