Foreign media: New mining malware ZombieBoy appears from China

According to Ambcrypto, private security researcher James Quinn discovered a new crypto mining malware called ZombieBoy earlier this week. This malware uses WinEggDrop to search for its next infected victim. Its most common targets are Monero (XMR) and Zcash (ZEC). The malware initially mined $1,000 per month.

According to Quinn, the malware collected an average of $1,000 in cryptocurrency every 30 days, and recently shut down its address, which can be traced back to the Monero mining pool MineXMR. This malware can be traced back to its origins in China due to its use of simplified Mandarin. Its most common targets are Monero [XMR] and Zcash [ZEC].

The malware attacks its victims by infecting their systems using certain weaknesses such as: CVE-2017-9073 mainly in the Remote Desktop Protocol on Windows XP and Windows 2003 and Server Message Block using CVE-2017-0146 and CVE-2017-0143. Moreover, in order to create numerous backdoors, the malware exploits EternalBlue and DoublePulsar developed by the National Security Agency (NSA) to gain access control over the devices or machines. This increases the possibility of crashing the network while also making it impossible for the IT department to identify and eliminate any threats. Encoding a pop-up window with Themedia blocks the malware from running on the virtual machine, thus, making it almost impossible to track its activities using reverse engineering.

Reports show that ZombieBoy was recently found to be linked to another mining project of the same origin, IronTiger APT (a version of Gh0stRAT), as well as other mining malware originating from China, indicating that it is constantly evolving and solving problems.