Zealot – New Spooky Cryptocurrency Miner

By Mel Khamlichi, Webmaster and Technical Director at Osradar.com. Linux/Unix guru, technology and hardware addict. Location: Amsterdam, Netherlands.

Cryptocurrency has become a very valuable asset, and Bitcoin is the clearest example. It started only some years ago, yet its price has reached sky-high levels, peaking at more than $17,000 per Bitcoin. That lucrative value is drawing more and more people to Bitcoin and other cryptocurrencies. However, the supply of Bitcoin is capped, and new coins have to be mined, a process that consumes a great deal of hardware and time. Zealot is a new and spooky malware campaign that installs miner programs on many devices in order to use their hardware illegally.

Cryptocurrency mining

Before looking at Zealot, let’s take a look at how cryptocurrencies are mined, using Bitcoin, the most popular one, as the example. Mining is the process that verifies every cryptocurrency transaction and adds it to the public ledger. For every block successfully added, new Bitcoins are issued to the miner. In practice, mining means bundling recent transactions into a block and solving a computational puzzle over it. That puzzle requires an enormous number of calculations, so it needs a lot of hardware power: the more hardware you have, the faster you mine, and the more blocks you mine, the more money you earn.

What is Zealot?

Zealot, a new campaign built around Apache Struts exploitation, has started installing cryptocurrency mining tools on Windows and Linux machines. The malware installs a miner for Monero, the cryptocurrency most often used in recent malware attacks.

How Zealot works

According to the F5 Labs researchers who discovered this campaign, Zealot uses the NSA-linked EternalSynergy and EternalBlue exploits. It attacks in several stages, first compromising servers that are vulnerable to the DotNetNuke or the Apache Struts Jakarta Multipart Parser attack.

Zealot is the first campaign that uses the NSA exploits to spread throughout a network.

On Windows, the Struts payload launches a hidden PowerShell interpreter with a base64-encoded command. That process downloads a script named “scv.ps1”, which installs the miner malware. The malware also installs Python 2.7.

On Linux systems, the payload uses the shell command “nohup” to keep a spearhead bash script running in the background. That script checks whether the miner is already present and, if not, installs the miner binary named “mule”.
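The two stages above give a defender concrete things to look for in process-creation telemetry: a hidden PowerShell with an encoded command that references scv.ps1, a nohup-launched shell script, and the “mule” binary. The following is an added example written for this article, not code from the original post or from F5 Labs; it runs over constructed log lines (the encoded command is built from a placeholder string, not the real payload) and decodes PowerShell’s UTF-16LE base64 so the indicators inside it can be matched.

```python
import base64
import re

# Constructed sample process-creation log lines (not real telemetry).  The
# encoded command is built here from a placeholder string so the decoder has
# something realistic to work on; nothing here is the real Zealot payload.
ENCODED = base64.b64encode(
    "Invoke-WebRequest -Uri https://placeholder.invalid/scv.ps1 -OutFile scv.ps1".encode("utf-16-le")
).decode()
SAMPLE_LOGS = [
    f"host=web01 cmdline=powershell.exe -NoP -W Hidden -Enc {ENCODED}",   # Zealot-style Windows stage
    "host=web01 cmdline=powershell.exe -Command Get-Service",             # ordinary admin use
    "host=app03 user=tomcat cmdline=nohup bash /tmp/PLACEHOLDER.sh &",     # Linux spearhead script
    "host=app03 user=tomcat cmdline=/tmp/mule",                            # the 'mule' miner itself
]

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (PowerShell uses UTF-16LE), or None."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmdline, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze(line):
    """Return the list of Zealot-style indicators found in one log line."""
    findings = []
    low = line.lower()
    if "powershell" in low:
        decoded = decode_encoded_command(line)
        if decoded is not None:
            findings.append("encoded PowerShell command")
            if "scv.ps1" in decoded.lower():
                findings.append("references scv.ps1")
        if re.search(r"-w(?:indowstyle)?\s+hidden", low):
            findings.append("hidden window")
    if re.search(r"\bnohup\b.*\b(bash|sh)\b", low):
        findings.append("nohup-launched shell script")
    if re.search(r"\bmule\b", low):
        findings.append("miner binary 'mule'")
    return findings

def scan(lines):
    """Map each flagged line index to its findings; clean lines are omitted."""
    return {i: f for i, f in ((i, analyze(l)) for i, l in enumerate(lines)) if f}

if __name__ == "__main__":
    for i, f in scan(SAMPLE_LOGS).items():
        print(i, SAMPLE_LOGS[i][:60], "->", f)
```

The decode step matters because a plain string match on the command line would never see “scv.ps1” inside the base64 blob.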

Zealot carries out its attacks with EmpireProject, a PowerShell and Python post-exploitation agent. A fun fact: the names of this malware’s scripts, such as “Zealot”, “Observer”, “Raven” and “Overlord”, are taken from the famous StarCraft game.

Why Zealot is bad

Now, you might ask: if Zealot is turning my machine into a miner, what’s bad about that? I’ll get money! Yahoo!

Just calm down. It’s not you who gets the money; it never will be. The attacker who spread Zealot collects all of it in his own Monero account. Monero is an open-source cryptocurrency that was created in 2014.

Because cryptocurrency mining depends on hardware, especially the CPU, it is expensive to buy a powerful mining machine and the hardware that goes with it. So Zealot turns your machine into the attacker’s free miner: you do all the hard work and get nothing.

Not only that, but an exploit like this could do other harm as well, such as stealing your information, breaking your system or even spying on your every move. Really spooky!

What to do now

Zealot relies on the Java platform (Apache Struts runs on it), which is why the same campaign can hit both Windows and Linux systems. If your systems run Java, update it to the latest version, and keep Windows and Linux up to date as well.

The DotNetNuke stage targets the DotNetNuke content management system, which is built on ASP.NET, by sending a serialized object in a vulnerable “DNNPersonalization” cookie. It combines the “ObjectDataProvider” gadget with “ObjectStateFormatter” to embed a further object. According to Sally Khudairi, Vice President of Marketing & Publicity at the Apache Software Foundation, a patch for the Apache Struts issue was released in March.
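Because the DotNetNuke stage arrives in a single cookie, a web front end or log pipeline can inspect that cookie before the application deserializes it. Below is an added example written for this article, not DotNetNuke’s own code or an official rule: it URL-decodes the DNNPersonalization cookie from constructed sample Cookie headers, flags the gadget and serializer names the article mentions, and treats any item type outside an assumed allowlist of plain value types as suspect (the allowlist is an assumption for this example, not DotNetNuke’s list).

```python
import re
from urllib.parse import quote, unquote

# Serializer and gadget names the article attributes to the Zealot DotNetNuke stage.
GADGET_MARKERS = ("ObjectDataProvider", "ObjectStateFormatter")
# Assumed allowlist of item types a legitimate profile cookie carries (an
# assumption for this example, not DotNetNuke's own list).
ALLOWED_TYPES = {"System.String", "System.Int32", "System.Boolean"}

# Constructed sample Cookie headers (not captured traffic).  The second one
# only names the gadget class; it carries no working payload.
BENIGN_COOKIE = "DNNPersonalization=" + quote(
    '<profile><item key="Usability:UserMode" type="System.String">VIEW</item></profile>')
SUSPICIOUS_COOKIE = "DNNPersonalization=" + quote(
    '<profile><item key="x" type="System.Windows.Data.ObjectDataProvider, PresentationFramework"></item></profile>'
) + "; .ASPXANONYMOUS=abc"

def parse_cookies(header):
    """Split a Cookie header into a {name: raw_value} dict."""
    jar = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            jar[name.strip()] = value.strip()
    return jar

def inspect_personalization_cookie(cookie_header):
    """Return findings for the DNNPersonalization cookie; an empty list means nothing suspicious."""
    raw = parse_cookies(cookie_header).get("DNNPersonalization")
    if raw is None:
        return []
    xml = unquote(raw)
    findings = []
    for marker in GADGET_MARKERS:
        if marker.lower() in xml.lower():
            findings.append(f"gadget marker {marker!r} in DNNPersonalization cookie")
    # Every serialized item declares its .NET type; anything beyond plain value types is suspect.
    for type_name in re.findall(r'type="([^"]*)"', xml):
        base = type_name.split(",")[0].strip()
        if base not in ALLOWED_TYPES:
            findings.append(f"unexpected item type {base!r}")
    return findings

if __name__ == "__main__":
    for name, hdr in (("benign", BENIGN_COOKIE), ("suspicious", SUSPICIOUS_COOKIE)):
        print(name, "->", inspect_personalization_cookie(hdr) or "clean")
```

A check like this is a stopgap for detection; the real fix remains patching the application so that the cookie is no longer deserialized with an unrestricted type set.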

It seems that attackers are targeting open-source software more and more, and the reason is clear: open-source projects generally do not push updates to users, so administrators have to download and apply them on their own. Only continuous monitoring of hosts will keep an enterprise secure.

Keep your systems updated, and keep a sharp eye out for suspicious activity and resource-hungry processes. That’s the only way to stop Zealot from using you.
