Independent cyber-security researcher James Quinn has warned that a new cryptocurrency-mining malware called ZombieBoy is on the rise. The malware is named after the ZombieBoy toolkit, which it uses when it drops its first malicious dynamic link library (.dll) file.
Quinn warned that ZombieBoy is an extremely dangerous and infectious worm, much like MassMiner, although it uses WinEggDrop rather than MassScan to identify new hosts. Clocked at 43 KH/s (kilohashes per second), the malware has been siphoning more than $1,000 worth of Monero per month. He gave more technical details about the malware in his statement.
He also disclosed that ZombieBoy has been traced back to China, based on the Simplified Chinese used in its code. Its most common targets are Monero (XMR) and Zcash (ZEC), and it is suspected to be connected to other Chinese malware such as IRON TIGER APT.
After infecting a new computer, ZombieBoy's two backdoors open the way for crypto-mining malware, ransomware, keyloggers and other malicious tools.
Safety Measures against Crypto Malware
Without proper technical knowledge of cyber-security, it can be difficult to combat malware like ZombieBoy. However, top IT security firms such as IBM recommend that companies block the command-and-control (C&C) traffic that exploits like DoublePulsar and EternalBlue rely on, using signatures such as SMB_EternalBlue_Implant_CnC and SMB_DoublePulsar_Implant_CnC.
Further defensive measures include building stronger, more intelligent and integrated security systems capable of responding to multiple threats, including crypto-mining, ransomware and distributed denial-of-service (DDoS) attacks. This ecosystem of solutions should include two-factor authentication (2FA), advanced web application firewalls and the ability to limit or disable unused ports and services.
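Blocking the C&C traffic is only half the job; the alerts those signatures raise also need triage so the hosts behind a worm-style spread can be isolated. The script below is an added example, not code from the article, from Quinn or from IBM. It assumes a constructed alert-log format (timestamp, signature name, source -> destination:port) and constructed sample lines; only the two signature names come from the text. It groups SMB implant/exploit alerts by source host and flags sources that have touched several distinct internal destinations, which is the pattern a self-propagating miner leaves behind.

```python
import re
from collections import defaultdict

# Signature names cited in the article (IBM's SMB exploit/implant C&C signatures).
SIGNATURES_OF_INTEREST = {
    "SMB_EternalBlue_Implant_CnC",
    "SMB_DoublePulsar_Implant_CnC",
}

# Constructed sample alert lines. The line format is an assumption made for
# this example; real IDS exports differ and the regex below would be adapted.
SAMPLE_ALERTS = """\
2018-07-20T10:01:02Z SMB_EternalBlue_Implant_CnC 10.0.0.25 -> 10.0.0.40:445
2018-07-20T10:01:05Z HTTP_Suspicious_UserAgent 10.0.0.11 -> 203.0.113.9:80
2018-07-20T10:01:09Z SMB_DoublePulsar_Implant_CnC 10.0.0.25 -> 10.0.0.41:445
2018-07-20T10:02:30Z SMB_DoublePulsar_Implant_CnC 10.0.0.25 -> 10.0.0.42:445
2018-07-20T10:03:00Z SMB_EternalBlue_Implant_CnC 10.0.0.77 -> 10.0.0.40:445
malformed line without structure
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<sig>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)$"
)


def parse_alert(line):
    """Parse one alert line into a dict, or return None for lines that do not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["port"] = int(alert["port"])
    return alert


def triage(log_text, threshold=2):
    """Return (spreaders, targets).

    spreaders: {source_ip: sorted list of distinct destinations} for sources that
               raised an SMB implant/exploit signature against >= threshold hosts,
               i.e. the lateral-movement pattern of a worm rather than a one-off.
    targets:   sorted list of every destination hit by one of those signatures,
               all of which should be checked for the implant regardless of source.
    """
    per_source = defaultdict(set)
    for line in log_text.splitlines():
        alert = parse_alert(line)
        if alert is None or alert["sig"] not in SIGNATURES_OF_INTEREST:
            continue  # skip malformed lines and unrelated signatures
        per_source[alert["src"]].add(alert["dst"])

    spreaders = {
        src: sorted(dsts) for src, dsts in per_source.items() if len(dsts) >= threshold
    }
    targets = sorted(set().union(*per_source.values())) if per_source else []
    return spreaders, targets


if __name__ == "__main__":
    spreaders, targets = triage(SAMPLE_ALERTS)
    for src, dsts in spreaders.items():
        print(f"isolate {src}: SMB implant activity against {len(dsts)} hosts {dsts}")
    print("hosts to check for implant:", targets)
```

The threshold is deliberately low: a single source raising these signatures against two or more destinations in a short window is already worth isolating, since legitimate SMB clients do not trigger exploit-implant signatures at all. Feeding the function a wider time window and raising the threshold trades sensitivity for fewer false positives.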