LIVE
EU Officials Plan MiCA Revision to Expand Rules for Non-EU Stablecoin IssuersHyundai Card Completes First Stablecoin-Based Cross-Border Intercompany Payment TestBitcoin Falls Below $62,000 as Selling Pressure BuildsRipple-Backed t54.ai Launches XRP Ledger AI HubCFTC Accuses Fund Manager of Hiding Crypto and Futures Losses Behind Fake Investor ReturnsBNB Chain Plans New Layer 1 Blockchain for Agentic TradingStrike Launches Bitcoin-Backed Loans With No Scheduled LiquidationsTether Invests $20 Million in Brazil's Mercado BitcoinNew Hampshire officials to hold hearing on proposed $100M Bitcoin-backed bondPolymarket Enables Bitcoin Deposits via Lightning NetworkEU Officials Plan MiCA Revision to Expand Rules for Non-EU Stablecoin IssuersHyundai Card Completes First Stablecoin-Based Cross-Border Intercompany Payment TestBitcoin Falls Below $62,000 as Selling Pressure BuildsRipple-Backed t54.ai Launches XRP Ledger AI HubCFTC Accuses Fund Manager of Hiding Crypto and Futures Losses Behind Fake Investor ReturnsBNB Chain Plans New Layer 1 Blockchain for Agentic TradingStrike Launches Bitcoin-Backed Loans With No Scheduled LiquidationsTether Invests $20 Million in Brazil's Mercado BitcoinNew Hampshire officials to hold hearing on proposed $100M Bitcoin-backed bondPolymarket Enables Bitcoin Deposits via Lightning Network
Homepage/Blockchain Technology/New Mining Malware Discovered: Will “ZombieBoy” Take the Crypto-World by Storm?
BLOCKCHAIN TECHNOLOGYNEWS

New Mining Malware Discovered: Will “ZombieBoy” Take the Crypto-World by Storm?

BY Vladimir C.·1 MIN READ·AUGUST 3, 2018

Dubbed ZombieBoy, the malware was gathering an average of $1000-worth of cryptocurrencies per month before its recent addresses were shut down. The report states that the malware can be traced back to the Monero mining pool MineXMR, and, due to the simplified mandarin it uses, it’s clear that it originated in China.

KEY FINDINGS - EVIDENCE LEVEL: MULTI-SOURCE
2Key sections mapped in this report
1Internal references connected to related coverage
3External source domains cited in the article
1 minEstimated time to read the full report

After the never-ending fluctuations of the market, the crypto community may be in for some more bad news. According to an investigation performed by the independent security researcher James Quinn, a new crypto mining malware is currently on the prowl.

The malware’s name comes after the toolkit it uses called ZombieBoyTools. The kit was used as a deployment system for its first dynamic link library file, and it uses WinEggDrop to search for its next victims. The report also states that the malware’s most common target is Monero (XMR) and Zcash (ZEC).

How ZombieBoy works

The security researcher also discovered how the malware infects the target systems. The malware uses various weak points in the OS’ architecture such as:

  • CVE-2017-9073, a Remote Desktop Protocol on ‘Windows XP’ and ‘Windows 2003’
  • CVE-2017-0146 and CVE-2017-0143 Server Message Block

The malware is still very hard to detect since it uses various back-doors. In short, the malware uses EternalBlue and DoublePulsar, two of the best exploits developed by the National Security Agency (NSA). With their help, the malware can actually take control of a device.

Even more concerning is the fact that ZombieBoy allegedly connects with other mining programs such as Iron Tiger Apt, a version of Gh0stRAT, as well as other Chinese such apps.

Whether ZombieBoy will become a popular threat or not remains to be seen. Until then, both private and public system administrators might have their hands full with taking countermeasures to prevent infestation.

SOURCE TRANSPARENCY
  • External Source - Referenced domain: alienvault.com
  • External Source - Referenced domain: getmonero.org
  • External Source - Referenced domain: z.cash
  • Byline - Reported by Vladimir C.
  • Coverage Desk - Primary editorial category: Blockchain Technology
  • Media Asset - Featured image served from the WordPress media library
New Mining Malware Discovered: Will “ZombieBoy” Take the Crypto-World by Storm? | TheCCPress