ZombieBoy, a new cryptomining malware spreading on Windows

A new cryptocurrency mining malware, named ZombieBoy, was identified earlier this week.

A tweet from Latest Hacking News reports that the malware was discovered by James Quinn, an independent security researcher who published his investigation of ZombieBoy on the AlienVault blog this month.

The malware takes its name from the ZombieBoyTools kit, which it uses to drop its first DLL (dynamic link library). ZombieBoy is a stealthy piece of malware: unlike MassMiner, which relies on MassScan, it uses the WinEggDrop port scanner to find new hosts to infect.

According to the researcher, the malware was earning its operators nearly $1,000 a month until one of its addresses on the MineXMR Monero mining pool was recently shut down. The software is believed to come from China, since its interface is in Chinese.

ZombieBoy gets into the networks it targets by exploiting several known vulnerabilities: CVE-2017-9073, a Remote Desktop Protocol (RDP) flaw affecting Windows XP and Windows Server 2003, and the Server Message Block (SMB) vulnerabilities CVE-2017-0143 and CVE-2017-0146. Once inside a machine, ZombieBoy uses the EternalBlue and DoublePulsar exploits to install several hidden backdoors. This increases its chances of compromising the rest of the network and makes the malware harder to eradicate.
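The practical question for a Windows miner is whether a host is exposed to the entry points listed above. The following PowerShell audit is an added example, not code from the article or from the AlienVault write-up: it checks whether the SMBv1 server that EternalBlue and DoublePulsar depend on is still enabled or installed, whether the MS17-010 patch for CVE-2017-0143/0146 is present by KB number, and whether RDP is reachable without Network Level Authentication, then applies the corresponding hardening. The function names, the output fields and the assumption that you run it in an elevated prompt on Windows 8.1 / Server 2012 R2 or later are mine; the KB list covers the March 2017 MS17-010 updates for Windows 7, 8.1, 2012 and 2012 R2 plus the out-of-band KB4012598 for XP, 2003, Vista and 2008, and later cumulative updates supersede those KBs without showing them, so an empty result means "check further", not "vulnerable".

```powershell
# Added example, not from the article or the AlienVault write-up: audit a Windows host
# for the exposures ZombieBoy's exploit chain depends on (SMBv1 for EternalBlue/DoublePulsar,
# MS17-010 missing, RDP without NLA) and harden it. Run from an elevated PowerShell prompt on
# Windows 8.1 / Server 2012 R2 or later; the SMB and networking cmdlets used here do not exist
# on Windows XP / Server 2003, the platforms CVE-2017-9073 targets, where the only real fix is
# to take the host off the network.

function Get-ZombieBoyExposure {
    # --- SMBv1: EternalBlue only works against an SMBv1 server. ---
    $smbCfg      = Get-SmbServerConfiguration
    $smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    # --- MS17-010 by KB number (assumed list: March 2017 updates for Win7/8.1/2012/2012R2
    # and the out-of-band KB4012598 for XP/2003/Vista/2008). Later cumulative updates
    # supersede these without listing them, so a miss means "check further". ---
    $ms17010Kbs   = 'KB4012598','KB4012212','KB4012215','KB4012213','KB4012216','KB4012214','KB4012217'
    $installedKbs = (Get-HotFix -ErrorAction SilentlyContinue).HotFixID
    $ms17010Seen  = @($ms17010Kbs | Where-Object { $installedKbs -contains $_ })

    # --- RDP: is it enabled, and does it require NLA before the logon screen? ---
    $ts  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    # --- Which of the two ports the exploits need are actually listening? ---
    $listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 445, 3389 } |
        Select-Object -ExpandProperty LocalPort |
        Sort-Object -Unique

    [pscustomobject]@{
        Smb1ProtocolEnabled  = [bool]$smbCfg.EnableSMB1Protocol
        Smb1FeatureInstalled = ($null -ne $smb1Feature -and $smb1Feature.State -eq 'Enabled')
        Ms17010KbsFound      = $ms17010Seen
        RdpEnabled           = ($ts.fDenyTSConnections -eq 0)
        RdpRequiresNla       = ($tcp.UserAuthentication -eq 1)
        ListeningPorts       = @($listening)
    }
}

function Invoke-ZombieBoyHardening {
    param([Parameter(Mandatory)] $Exposure)

    if ($Exposure.Smb1ProtocolEnabled) {
        # Turns the protocol off immediately; the SMBv1 negotiation EternalBlue needs then fails.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($Exposure.Smb1FeatureInstalled) {
        # Also remove the component so a later config change cannot re-enable it (needs a reboot).
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    if ($Exposure.RdpEnabled -and -not $Exposure.RdpRequiresNla) {
        # Require NLA so unauthenticated clients never reach the RDP pre-logon code paths.
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                         -Name UserAuthentication -Value 1 -Type DWord
    }
    if (-not $Exposure.Ms17010KbsFound) {
        Write-Warning 'No MS17-010 KB found by name; confirm a March 2017 or later cumulative update is installed.'
    }
}

$exposure = Get-ZombieBoyExposure
$exposure | Format-List
Invoke-ZombieBoyHardening -Exposure $exposure
```

Disabling SMBv1 is the one step that closes the SMB side of the chain regardless of patch level, since EternalBlue cannot negotiate an SMBv2 session; the KB check is only a quick triage aid. Port 445 or 3389 showing as listening is not a problem on its own, but if either is reachable from the internet on a mining rig it should be firewalled or put behind a VPN.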

Source: https://www.alienvault.com/

ZombieBoy operates in a similar way to Iron Tiger APT, another piece of Chinese malware that is itself a variant of Gh0stRAT. Programs like these are becoming more effective and harder to eradicate because they are persistent and constantly evolving.

To check whether you are infected with this type of malware, I advise you to read my article on "How to counter malware in your browser".

To stay informed about news and other topics related to mining, you can join us on Telegram.
