Security News > 2020 > April > Dark_Nexus Botnet Compromises Thousands of ASUS, D-Link Routers
The botnet, called dark nexus, uses processes similar to previous dangerous IoT threats like the Qbot banking malware and Mirai botnet.
Dark nexus also borrows code and processes previously used by Qbot and the infamous Mirai botnet that launched the 2016 Dyn DDos attack.
Beyond these similarities researchers point to the dark nexus component lineup as a sign that the botnet it paving its own way.
The botnet also uses a unique technique meant to ensure "Supremacy" on the compromised device, researchers said: "Uniquely, dark nexus uses a scoring system based on weights and thresholds to assess which processes might pose a risk," they said.
Helios, a known botnet author who sells DDoS services and botnet code, as a possible creator of dark nexus.
News URL
https://threatpost.com/dark_nexus-botnet-asus-dlink-routers/154571/
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Juniper warns of Mirai botnet targeting Session Smart routers (source)
- Juniper warns of Mirai botnet scanning for Session Smart routers (source)
- New botnet exploits vulnerabilities in NVRs, TP-Link routers (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)