ZombieBoy: New Crypto-Mining Malware Exploits Multiple CVEs

in backdoormalware •  6 years ago 


A new cryptomining malware called ZombieBoy is on the prowl. This latest addition to the cryptomining dynasty has recently been earning its operators around $1,000 per month.

James Quinn, an independent security researcher, published an analysis of ZombieBoy on AlienVault this month. The malware takes its name from ZombieBoyTools, the kit it uses to drop its first DLL (dynamic link library). ZombieBoy is a highly infectious worm, much like MassMiner, but it uses WinEggDrop rather than MassScan to identify new hosts.

According to Quinn, the malware was raking in roughly $1,000 per month in cryptocurrency before one of its addresses on the Monero mining pool MineXMR was recently shut down. ZombieBoy is believed to originate from China, based on its use of Simplified Chinese.

ZombieBoy compromises the networks it infects by exploiting several vulnerabilities: CVE-2017-9073, a Remote Desktop Protocol (RDP) flaw affecting Windows XP and Windows Server 2003, and the Server Message Block (SMB) flaws CVE-2017-0146 and CVE-2017-0143, both part of MS17-010. It then uses EternalBlue, the exploit for those SMB flaws, together with the DoublePulsar implant to plant multiple backdoors. This raises its chances of compromising the network and makes its infections harder for IT teams to eradicate.
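The propagation described above (a worm discovering new hosts and hitting them over SMB and RDP) leaves a recognisable footprint in network flow logs: one internal host opening connections to many distinct peers on ports 445 and 3389 in a short window. The following detector is an added example written for this page, not code from the article or from AlienVault's analysis. The flow-record format (`<iso-timestamp> <src> <dst> <dport>`), the sample records, the 60-second window and the ten-target threshold are all assumptions chosen for illustration.

```python
"""Flag worm-style SMB/RDP host discovery in connection logs.

Added example for this page (not from the original article). It counts,
per source host, the distinct destinations contacted on the ports tied
to ZombieBoy's exploits (445 for MS17-010/EternalBlue, 3389 for the
CVE-2017-9073 RDP flaw) inside a sliding time window and raises one
alert per source once a threshold is crossed. Record format, thresholds
and sample data are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Ports the article associates with ZombieBoy's lateral movement.
LATERAL_PORTS = {445, 3389}

# Constructed sample flow records (not real traffic), one per entry:
# "<iso-timestamp> <src> <dst> <dport>".
SAMPLE_LOG = [
    # benign: a workstation repeatedly talking to a single file server
    "2018-08-01T10:00:00 10.0.0.7 10.0.0.20 445",
    "2018-08-01T10:00:05 10.0.0.7 10.0.0.20 445",
    "2018-08-01T10:00:09 10.0.0.7 10.0.0.20 445",
    # benign: a browser fanning out over HTTPS, which is not a lateral port
    *[f"2018-08-01T10:00:{i:02d} 10.0.0.8 93.184.216.{i} 443" for i in range(20)],
    # worm-like: one host probing a /24 on SMB and RDP two seconds apart
    *[f"2018-08-01T10:01:{2 * i:02d} 10.0.0.5 10.0.1.{i + 1} "
      f"{445 if i % 2 == 0 else 3389}" for i in range(12)],
]


def parse_record(line):
    """Split one flow record into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def find_scanners(lines, window=timedelta(seconds=60), min_targets=10):
    """Return {src: (time_of_first_alert, distinct_targets_at_that_time)}.

    Records are sorted by timestamp first, so input order does not matter.
    For each source a deque holds the (timestamp, dst) pairs still inside
    the window; an alert fires the first time the number of distinct
    destinations in that window reaches min_targets.
    """
    records = sorted(parse_record(l) for l in lines if l.strip())
    recent = defaultdict(deque)  # src -> deque of (ts, dst) inside window
    alerts = {}
    for ts, src, dst, dport in records:
        if dport not in LATERAL_PORTS:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop entries that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        targets = {d for _, d in q}
        if len(targets) >= min_targets and src not in alerts:
            alerts[src] = (ts, len(targets))
    return alerts


if __name__ == "__main__":
    for src, (ts, n) in find_scanners(SAMPLE_LOG).items():
        print(f"{ts.isoformat()} ALERT {src} reached {n} distinct SMB/RDP targets")
```

The benign file-server client never trips the rule because its distinct-destination count stays at one however many connections it makes, and the HTTPS fan-out is ignored because 443 is not a lateral-movement port; only the host sweeping 10.0.1.0/24 is reported, at the moment its tenth distinct target is contacted. Tune `window` and `min_targets` to the environment: vulnerability scanners and backup servers legitimately touch many hosts on 445 and should be allow-listed rather than raising the threshold for everyone.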

Packed with Themida, ZombieBoy refuses to run on virtual machines (VMs), which makes capturing and reverse engineering the miner a difficult task. That in turn slows the development of countermeasures and limits their effectiveness.

The malware has been linked to a Gh0stRAT variant used by the IRON TIGER APT, a China-attributed group, as well as to other malware of Chinese origin, which points to an actor that is both persistent and continually evolving its tooling.

Please leave any comments about this article below:


Posted from my blog with SteemPress : https://latesthackingnews.com/2018/08/01/zombieboy-new-crypto-mining-malware-exploits-multiple-cves/
