Feb. 2, 2024, 4:26 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

AhnLab SEcurity intelligence Center (ASEC) recently discovered that a CoinMiner targeting Zephyr is being distributed. The file is created with Autoit, and it is being spread in the form of a compressed file that contains the CoinMiner.


The compressed file is being distributed as “WINDOWS_PY_M3U_EXPLOIT_2024.7z,” and upon decompressing the file, several scripts and executables are created. Among them, “ComboIptvExploit.exe” is a Nullsoft Scriptable Install System (NSIS) installer, and two Javascript files exist within it.



Figure 1. WINDOWS_PY_M3U_EXPLOIT_2024.7z, decompressed



When the …

ahnlab asec autoit center coinminer distributed distribution file intelligence malware analysis scripts security security intelligence targeting zephyr

Privacy Engineer

@ Snap Inc. | Santa Monica - 2850 Ocean Park Blvd

Senior Security Researcher - Security Automation (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

Information Systems Security Engineer (ISSE)

@ Interclypse | Annapolis Junction, MD, US

Information Systems Security Officer (ISSO)

@ Interclypse | Annapolis Junction, MD, US

Systems Security Engineer (Hybrid)

@ RTX | FL410: Largo FL MFG 7887 Bryan Dairy Road , Largo, FL, 33777 USA

Principal Cyber Security Engineer (Onsite)

@ RTX | HIA33: Cedar Rapids, IA (Intertrade) 400 Collins Road NE MS 153-220, Cedar Rapids, IA, 52411-6636 USA