Security News > 2021 > January > FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities
An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service attacks and mining Monero cryptocurrency.
Regardless of the vulnerabilities exploited, the end goal of the attacker appears to be to download and execute a Python script named "Out.py" using Python 2, which reached end-of-life last year - implying that the threat actor is banking on the possibility that that victim devices have this deprecated version installed.
"The malware, downloaded from the site hxxp://gxbrowser[.]net, is an obfuscated Python script which contains polymorphic code, with the obfuscation changing each time the script is downloaded," the researchers said, adding the first attack attempting to download the file was observed on January 8.
The hosts can be commandeered as a part of a botnet operation for crypto-mining, spreading laterally across the network, and launching attacks on outside targets while masquerading as the victim company.
With hundreds of devices already infected within days of launching the attack, the researchers warn, FreakOut will ratchet up to higher levels in the near future.
"What we have identified is a live and ongoing cyber attack campaign targeting specific Linux users," said Adi Ikan, head of network cybersecurity Research at Check Point.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/XiqkA-hTYq4/freakout-ongoing-botnet-attack.html
Related news
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- New botnet exploits vulnerabilities in NVRs, TP-Link routers (source)