Medusa botnet returns as a Mirai-based variant with ransomware sting (Security News, February 2023)
A new version of the Medusa DDoS botnet, based on Mirai code, has appeared in the wild, featuring a ransomware module and a Telnet brute-forcer.
Medusa is an old malware strain that has been advertised on darknet markets since 2015 and gained HTTP-based DDoS capabilities in 2017.
Medusa is now promoted as malware-as-a-service (MaaS) for DDoS or mining through a dedicated portal.
What's particularly interesting in this new Medusa variant is a ransomware function that walks every directory looking for file types it considers valid targets for encryption.
It's worth noting that while the new version of Medusa features a data exfiltration tool, it does not steal user files before encryption.
Finally, once the brute-forcer establishes a Telnet connection, the malware infects the system with the primary Medusa payload. That final payload also has incomplete support for receiving the "FivemBackdoor" and "Sshlogin" commands.