The new ZombieBoy cryptojacking malware earns $1,000 a month and, of course, Monero (XMR) is the currency used by the hackers.
A new family of mining malware, called ZombieBoy, earns its operators about $1,000 a month, according to a report published by independent researcher James Quinn.
The cryptomining tool is a self-propagating worm, similar to MassMiner.
"Before closing one of its addresses on minexmr.com, ZombieBoy was extracting around 43 KH/s, which would mean earning a little more than $1,000 per month at Monero's current prices," noted Quinn.
Like MassMiner, ZombieBoy uses exploits to spread, but it uses WinEggDrop instead of MassScan to search for new hosts. The malware has been constantly updated, according to Quinn.
The malware most likely originates in China, as the tool has a Chinese-language interface. The worm is updated quite frequently, with new versions discovered almost daily.
The worm exploits numerous network vulnerabilities. As a first step, it takes advantage of a flaw in the Remote Desktop Protocol (RDP) on Windows XP and Windows Server 2003 or, alternatively, a flaw in Server Message Block (SMB). EternalBlue and DoublePulsar are then used to create backdoors.
This approach gives the worm access to the wider network and makes it harder to detect. ZombieBoy is hard to reverse-engineer because it is encrypted with the Themida packer. Furthermore, the current version of the worm can detect virtual machines (VMs) and will not run on them.
Cryptomining malware is one of the hottest types of malware in 2018, surpassing ransomware. The two differ substantially, and even the cryptocurrencies they use are almost always different. Bitcoin is preferred by those who demand payment from users, since a ransom is much more likely to be paid in an easily accessible currency, while cryptojackers, whose main concern is privacy, often choose Monero (XMR) or Zcash (ZEC). Some authorities, such as the Japanese FSA, are even considering banning the latter group of altcoins from trading because of their very nature.