Earlier this week, a new crypto-mining malware named ZombieBoy was discovered. The malware was initially mining at a rate of about $1000 per month. Its existence was revealed by a private security researcher, James Quinn.
Tweet by Latest Hacking News:
“ZombieBoy: New Crypto-Mining Malware Exploits Multiple CVEs”
ZombieBoy takes its name from the ZombieBoyTools kit, which the malware uses to drop its first DLL (dynamic link library) file. It resembles MassMiner, except that ZombieBoy uses WinEggDrop to scan for its next victim to infect.
According to Quinn's report, the malware was collecting an average of $1000 in cryptocurrency every 30 days before its address, which traced back to the Monero mining pool MineXMR, was recently shut down. The simplified Chinese used in the malware points to an origin in China. Its most common targets are Monero [XMR] and Zcash [ZEC].
The malware infects its victims through the following vulnerabilities:
- CVE-2017-9073, a Remote Desktop Protocol (RDP) vulnerability affecting Windows XP and Windows 2003
- Server Message Block (SMB) vulnerabilities CVE-2017-0146 and CVE-2017-0143.
Furthermore, to plant a large number of backdoors, the malware uses EternalBlue and DoublePulsar, exploits developed by the National Security Agency [NSA], to take control of a device or machine. This raises the likelihood of the network crashing and at the same time makes it impossible for the IT department to identify and remove the threat.
The malware is packed with Themida, which prevents it from running on virtual machines and so makes it nearly impossible to reverse engineer and trace its activities. This illustrates the limits of how far countermeasures can develop and how effective they can be.
Reports also indicate that ZombieBoy has recently been linked to another program of the same origin, IRON TIGER APT, a version of Gh0stRAT, as well as a few other mining malware families of Chinese origin, which points to continuous evolution.
For companies that want to protect their systems from such threats, a few countermeasures are:
- Enable two-factor authentication
- Restrict access to rarely used ports and services.
- Invest in endpoint security
- Keep anti-virus software updated
- Establish backup practices and put them into action.
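As an added example (not code from the article or from the researcher it cites), the Python below turns the two entry points described above (RDP on Windows XP/2003, and the SMB vulnerabilities that the MS17-010 update fixes) and the advice to restrict rarely used ports into defender-side checks over a host inventory, and scans resolver logs for queries to the MineXMR pool the article names. The host inventory, the DNS log lines and the pool hostname pattern are all constructed assumptions for the example.

```python
"""Added example (not code from the article or from the researcher it cites):
defender-side checks that follow from the two entry points the article names
(RDP on Windows XP/2003, SMB vulnerabilities fixed by MS17-010) and from the
advice to restrict rarely used ports.  Host inventory and DNS log lines below
are constructed for the example; the MineXMR domain pattern is an assumption."""
from dataclasses import dataclass
import re

# OS strings on which the article says the RDP flaw (CVE-2017-9073) applies.
LEGACY_RDP_OS = ("windows xp", "windows 2003", "windows server 2003")
# Assumption: the pool's domain contains its name; the article gives only "MineXMR".
POOL_PATTERNS = (re.compile(r"minexmr", re.I),)


@dataclass
class Host:
    name: str
    os: str
    open_ports: set
    smb1_enabled: bool
    ms17_010_patched: bool


def exposure_findings(hosts):
    """Return (host, finding) pairs for hosts matching the article's entry points."""
    findings = []
    for h in hosts:
        os_l = h.os.lower()
        # RDP reachable on an OS the article names for CVE-2017-9073.
        if 3389 in h.open_ports and any(tag in os_l for tag in LEGACY_RDP_OS):
            findings.append((h.name, "rdp-legacy-os"))
        # SMB reachable: CVE-2017-0143/0146 are closed by the MS17-010 update.
        if 445 in h.open_ports:
            if not h.ms17_010_patched:
                findings.append((h.name, "smb-ms17-010-unpatched"))
            if h.smb1_enabled:
                findings.append((h.name, "smb1-enabled"))
    return findings


def ports_to_block(host, required_ports):
    """Ports open on the host beyond the set its role requires (the 'restrict
    rarely used ports' countermeasure), sorted for a firewall change request."""
    return sorted(host.open_ports - set(required_ports))


def mining_pool_dns_hits(lines):
    """Scan constructed '<timestamp> <client> <qname>' DNS log lines for queries
    to the mining pool; returns (client, qname) pairs."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _ts, client, qname = parts
        if any(p.search(qname) for p in POOL_PATTERNS):
            hits.append((client, qname))
    return hits


# Constructed inventory: names, versions and states are made up for the example.
HOSTS = [
    Host("xp-lab-01", "Windows XP SP3", {135, 139, 445, 3389}, True, False),
    Host("fs-02", "Windows Server 2016", {445}, False, True),
    Host("ws-17", "Windows 10 1803", {445, 3389}, True, True),
    Host("web-01", "Ubuntu 18.04", {22, 443}, False, True),
]

# Constructed DNS resolver log; the pool hostname is invented (.example TLD).
DNS_LOG = """\
2018-07-20T10:01:02Z ws-17 pool.minexmr.example
2018-07-20T10:01:05Z ws-17 update.vendor.example
2018-07-20T10:02:11Z fs-02 xmr.other-pool.example
malformed line
""".splitlines()

if __name__ == "__main__":
    for host, finding in exposure_findings(HOSTS):
        print(f"{host}: {finding}")
    print("xp-lab-01 ports to block:", ports_to_block(HOSTS[0], {3389}))
    for client, qname in mining_pool_dns_hits(DNS_LOG):
        print(f"{client} queried {qname}")
```

The inventory check flags the Windows XP host on all three counts and the modern workstation only for still having SMBv1 enabled, while the DNS scan surfaces the one client resolving the pool hostname; in practice the inventory fields would be filled from an asset database and the log lines from the resolver's query log.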
The post New Mining Malware threatens crypto-world – ZombieBoy appeared first on AMBCrypto.