Earlier this week, a new crypto-mining malware named ZombieBoy was discovered. The malware was initially mining at a rate of about $1000 per month. The threat was revealed by independent security researcher James Quinn.
Tweet by Latest Hacking News:
“ZombieBoy: New Crypto-Mining Malware Exploits Multiple CVEs”
ZombieBoy is named after the ZombieBoyTools kit, which the malware uses to drop its first .DLL (dynamic link library) file. It is similar to MassMiner, except that this malware uses WinEggDrop to scan for its next victim to infect.
According to Quinn's report, the malware was earning an average of $1000 in cryptocurrency every 30 days before its wallet address, which traced back to the Monero mining pool MineXMR, was recently shut down. The malware can be traced to a Chinese origin because of the Simplified Chinese it uses. It mines mainly Monero [XMR] and Zcash [ZEC].
The malware infects its victims through known weak points such as:
- CVE-2017-9073, a Remote Desktop Protocol vulnerability affecting Windows XP and Windows Server 2003
- Server Message Block (SMB) vulnerabilities CVE-2017-0146 and CVE-2017-0143
Furthermore, to create a large number of backdoors, the malware uses EternalBlue and DoublePulsar, exploits developed by the National Security Agency [NSA], to gain control over a machine. This increases the chance of the network crashing and at the same time makes it impossible for the IT department to identify and remove the threat.
The malware is packed with Themida, which prevents it from running on virtual machines and makes it very hard to reverse engineer and trace its activities. This illustrates how far the malware's anti-analysis measures have developed and how effective they are.
Reports indicate that ZombieBoy has recently been linked with another mining program of the same origin, IRON TIGER APT, a version of Gh0stRAT, as well as with a few other mining malware families of Chinese origin, which points to continuous evolution.
For companies that want to protect their systems from such threats, a few countermeasures are:
- Enabling two-factor authentication
- Restricting access to rarely used ports and services
- Investing in endpoint security
- Keeping anti-virus software up to date
- Formulating secondary practices and putting them into effect