A new type of cryptocurrency mining malware was identified at the beginning of this week dubbed ZombieBoy.
Hackers are trying new solutions to illegally mine cryptocurrencies. Security researcher James Quinn has found a new type of mining malware this week.
A tweet by Latest Hacking News reads:
“ZombieBoy: New Crypto-Mining Malware Exploits Multiple CVEs.”
The malware was named ZombieBoy after the ZombieBoyTools kit it uses to process its first .DLL (Dynamic Link Library). The only difference between the new mining malware and MassMiner is that ZombieBoy chooses its victims based on WinEggDrop scans.
As reported by the security researcher, the hacker behind ZombieBoy was able to earn $1,000 worth of cryptocurrency every month until the address was blocked. The hacker was identified as coming from China because of the language used in the code, and once again the goal is mining Monero (XMR) and Zcash (ZEC).
The malware targets weak points of users’ system such as:
- “CVE-2017-9073 which is primarily a Remote Desktop Protocol on ‘Windows XP’ and ‘Windows 2003’
- Server Message Block that utilizes CVE-2017-0146 and CVE-2017-0143.”
EternalBlue, DoublePulsar, and Themedia are used by ZombieBoy
To increase the chances of infection, ZombieBoy uses EternalBlue and DoublePulsar, the exploits originating from the National Security Agency (NSA). Through these, the hacker gains control over the user’s device, making the infection difficult to remove.
The ZombieBoy malware also uses a pop-up called Themedia. Because of this, all of its scam operations are well hidden and practically impossible to reverse or track.
According to reports, ZombieBoy has recently been linked to the IRON TIGER APT mining operation as well as other China-based malware programs.
Here are a few measures you should follow to protect your system from this type of malware:
- “Allowing two-factor authentication
- Impair access to less used ports and services.
- Venturing in end-point safety protocols
- Having an updated anti-virus
- Formulating secondary practices and making them active.”
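As an added example that is not part of the article, the PowerShell audit below checks a Windows host for the two exposures the article names: SMBv1 (the protocol EternalBlue and DoublePulsar abuse, patched by MS17-010) and RDP reachable without Network Level Authentication. It assumes Windows 8.1 / Server 2012 R2 or later and an elevated session; the function names are my own.

```powershell
# Added example (not from the article): audit a host for ZombieBoy's entry points.
# Assumes Windows 8.1 / Server 2012 R2 or later, run from an elevated session.

function Test-SmbV1Enabled {
    # The LanmanServer SMB1 value is authoritative on older builds; newer builds
    # expose the same setting through Get-SmbServerConfiguration.
    $reg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -ErrorAction SilentlyContinue
    if ($null -ne $reg -and $null -ne $reg.SMB1 -and $reg.SMB1 -eq 0) { return $false }
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($null -ne $cfg) { return [bool]$cfg.EnableSMB1Protocol }
    return $true   # no evidence it is disabled: treat as enabled
}

function Test-RdpExposed {
    # RDP that accepts connections before authentication (no NLA) is the weaker setup.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    if ($ts.fDenyTSConnections -eq 1) { return $false }      # RDP disabled entirely
    $nla = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    return ($nla.UserAuthentication -ne 1)                   # exposed if NLA is not required
}

function Get-ExposedPorts {
    # Ports the article's exploits must reach: 445 (SMB) and 3389 (RDP).
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 445, 3389 } |
        Select-Object -ExpandProperty LocalPort -Unique
}

$findings = @()
if (Test-SmbV1Enabled) {
    $findings += 'SMBv1 is enabled: disable it (Set-SmbServerConfiguration -EnableSMB1Protocol $false) and confirm MS17-010 is installed.'
}
if (Test-RdpExposed) {
    $findings += 'RDP accepts connections without NLA: require NLA, or disable RDP if it is not needed.'
}
$open = @(Get-ExposedPorts)
if ($open.Count -gt 0) {
    $findings += "Listening on TCP $($open -join ', '): restrict these ports with firewall rules unless required."
}

if ($findings.Count -eq 0) { 'No ZombieBoy-related exposure found.' } else { $findings }
```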