

New Mining Malware threatens crypto-world – ZombieBoy

Gautham Kadri




Earlier this week, a new crypto-mining malware named ZombieBoy was discovered. The malware initially mined at a rate of $1000 per month. Its existence was revealed by a private security researcher, James Quinn.

Tweet by Latest Hacking News:

“ZombieBoy: New Crypto-Mining Malware Exploits Multiple CVEs”

ZombieBoy is named after the ZombieBoyTools kit, which the malware uses to drop its first .DLL (dynamic link library) file. It is similar to MassMiner, except that it uses WinEggDrop to search for its next victim to infect.

According to Quinn's report, the malware was gathering an average of $1000 in cryptocurrency every 30 days before the recent closure of its address, which traced back to the Monero mining pool MineXMR. The malware can be traced back to an origin in China because of the simplified Mandarin it uses. Its most common targets are Monero [XMR] and Zcash [ZEC].

The malware infects its victims' systems through weak points such as:

  • CVE-2017-9073, a Remote Desktop Protocol (RDP) vulnerability on Windows XP and Windows 2003
  • Server Message Block (SMB) exploits that use CVE-2017-0146 and CVE-2017-0143

Furthermore, to create a large number of backdoors, the malware takes advantage of EternalBlue and DoublePulsar, exploits developed by the National Security Agency [NSA], to gain control over a device or machine. This increases the possibility of the network crashing and at the same time makes it impossible for the IT department to identify and remove any threat.

The malware is encoded with Themida, a pop-up which prevents it from running on virtual machines, making it nearly impossible to reverse engineer and trace its activities. This shows the limits of how far countermeasures can develop and of their effectiveness.

Reports indicate that ZombieBoy has recently been found to be connected to another mining program of the same origin named IRON TIGER APT, a version of Gh0stRAT, and to a few other pieces of mining malware of Chinese origin, which indicates continuous evolution and resolution.

Companies that want to protect their systems from such threats can apply a few countermeasures:

  • Enabling two-factor authentication
  • Restricting access to rarely used ports and services
  • Investing in endpoint security
  • Keeping anti-virus software up to date
  • Formulating secondary practices and putting them into effect
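
One way to act on the port-restriction advice, given that the article names RDP and SMB as the infection vectors: the added example below (not from the original article or from Quinn's report) parses Windows `netstat -ano` output and flags listeners on the default RDP and SMB ports that are reachable from other hosts. The sample output is constructed, and the function name and watched-port table are assumptions of this example.

```python
import ipaddress

# Default TCP ports for the services the article names as infection vectors.
WATCHED_PORTS = {3389: "RDP", 445: "SMB", 139: "SMB over NetBIOS"}

# Constructed sample of Windows `netstat -ano` output (not real data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:3389             [::]:0                 LISTENING       1104
  UDP    0.0.0.0:3389           *:*                                    1104
"""


def exposed_listeners(netstat_text):
    """Return sorted (service, address, port, pid) for watched TCP listeners
    bound to a non-loopback address (hypothetical helper name)."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Listening TCP rows have exactly: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port_text = fields[1].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        try:
            addr = ipaddress.ip_address(host)
            port, pid = int(port_text), int(fields[4])
        except ValueError:
            continue  # malformed row: skip rather than guess
        # Loopback-only listeners are not reachable from other machines.
        if port in WATCHED_PORTS and not addr.is_loopback:
            findings.add((WATCHED_PORTS[port], str(addr), port, pid))
    return sorted(findings)


if __name__ == "__main__":
    for service, addr, port, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{service}: listening on {addr}:{port} (PID {pid})")
```

Each finding is a candidate for a host firewall rule or for disabling the service where it is not needed; a listener on `0.0.0.0` or `::` accepts connections on every interface.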


Gautham Kadri is a full-time content writer at AMB Crypto. His passion is writing, and he is interested in the future of cryptocurrencies and blockchain technology. He does not currently hold any form of cryptocurrency.


Bitcoin SV [BSV] gets hit with another reorg as multiple blocks get orphaned, including a 128 MB block

Akash Anand




Bitcoin SV [BSV] and its proponents have been making headlines over the past couple of weeks, either due to developments or because of comments made by its major proponents, Craig Wright, the chief scientist at nChain, and Calvin Ayre.

The network has also faced allegations from several members of the cryptocurrency community that the cryptocurrency itself is a sham without any use cases, as evidenced by its delisting from several popular cryptocurrency exchanges like Binance, Kraken and Shapeshift.

The latest news added salt to BSV’s wounds after it was revealed that the network went through another blockchain reorganization on a 128 MB block. This fact was pointed out by Nikita Zhavoronkov, the lead developer of Blockchair, who had tweeted:

“Whoops! $BSV has experienced yet another reorg, this time 6 (six!) consecutive blocks were orphaned (#578640–578645), this chain included a 128 MB block #578644 🤦‍♂️ The network was basically stuck for 1.5 hours, and this shows that even 6 confirmations are not enough.”

Orphaned blocks are valid blocks which are not part of the main chain. They can occur naturally when two miners produce blocks at similar times, or they can be the result of an attacker with enough hashing power using it for nefarious activities like reversing transactions.

A major reason why this reorg event made news was that a 128 MB block was stuck in transaction, something that was not supposed to occur according to the initial claims made by the SV camp. Supporters of the cryptocurrency, however, have stated that despite being slower than promised, the transactions on the block settled faster than those on a Bitcoin Core block.

One supporter of BSV, mboyd1, tweeted:

“Orphaned blocks are a feature, not a bug”

To this tweet, Zyo, another cryptocurrency enthusiast, replied:

“yes, but orphaning 6 blocks in a row is not good, that means that 6 confirmations is not safe. It’s a bug because the 100+ MB take way too long to propagate and validate. There is a reason why BCH doesn’t have [yet] 100+ MB blocks.”
