Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

A security researcher discovered a new crypto mining worm dubbed ZombieBoy that leverages several exploits to evade detection. The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection. The expert called this new malware ZombieBoy because it uses a tool called […]

ZombieBoy

A security researcher discovered a new crypto mining worm dubbed ZombieBoy that leverages several exploits to evade detection.

The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection.

The expert called this new malware ZombieBoy because it uses a tool called ZombieBoyTools to drop the first dll, it uses some exploits to spread.

Unlike MassMiner cryptocurrency miner, ZombieBoy leverages WinEggDrop instead of MassScan to search for new hosts to infect.

ZombieBoy

The cryptocurrency uses Simplified Chinese language, which suggests that its author is a Chinese coder.

The ZombieBoy mine leverages several exploits, including:

ZombieBoy also uses both NSA-linked exploits DoublePulsar and EternalBlue exploits to remotely install the main dll. The malware used the ZombieBoyTools to install the two exploits.

Once the has established a backdoor in the target system it could deliver other families of malware, such as ransomware, and keyloggers.

According to Quinn’s, the 64.exe module downloaded by ZombieBoy uses the DoublePulsar exploit to install both an SMB backdoor as well as an RDP backdoor.

The same component uses XMRIG to mine Monero coins at 43 KH/s, that means that users can earn $1,000 on a monthly base at the current rate.

“In addition, 64.exe uses XMRIG to mine for XMR.  Prior to shutting down one of its addresses on minexmr.com, ZombieBoy was mining at around 43KH/s. This would earn the attackers slightly over $1,000 per month at current Monero prices.” continues the analysis.

Quinn highlighted that the miner is being updated constantly, he is observing new samples on a daily base.

The malware is able to detect VM and doesn’t run in a virtualized environment to make hard its detection.

Further details including IoCs are reported in the analysis published by the expert.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – miner, Monero)

[adrotate banner=”5″]

[adrotate banner=”13″]