Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities
New upgrades have been made to a Python-based "Self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection.
"Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control communications and the addition of new exploits for spreading, most notably vulnerabilities in VMware vSphere, SCO OpenServer, Vesta Control Panel and SMB-based exploits that were not present in the earlier iterations of the code," researchers from Cisco Talos said in a deep-dive published today.
Said to be in development as far back as 2015, Necro targets both Linux and Windows devices. Heightened activity was observed at the start of the year as part of a malware campaign dubbed "FreakOut", which exploited vulnerabilities in Linux-based network-attached storage devices to co-opt them into a botnet used for launching distributed denial-of-service attacks and mining Monero cryptocurrency.
While previous versions of the malware exploited flaws in Liferay Portal, Laminas Project, and TerraMaster, the latest variants, observed on May 11 and 18, feature command injection exploits targeting Vesta Control Panel, ZeroShell 3.9.0, and SCO OpenServer 5.0.7, as well as a remote code execution flaw in VMware vCenter that the company patched in February.
These new additions serve to highlight that the malware author is actively developing new methods of spreading by taking advantage of publicly disclosed vulnerabilities.
"Necro Python bot shows an actor that follows the latest development in remote command execution exploits on various web applications and includes the new exploits into the bot," Talos researchers said.