Medusa botnet returns as a Mirai-based variant with ransomware sting (February 2023)
A new version of the Medusa DDoS botnet, based on Mirai code, has appeared in the wild, featuring a ransomware module and a Telnet brute-forcer.
Medusa is an old malware strain that has been advertised on darknet markets since 2015 and added HTTP-based DDoS capabilities in 2017.
Medusa is now promoted as malware-as-a-service (MaaS) for DDoS or mining via a dedicated portal.
What's particularly interesting in this new Medusa variant is a ransomware function that enables it to search all directories for valid file types for encryption.
It's worth noting that while the new version of Medusa features a data exfiltration tool, it does not steal user files before encryption.
Finally, upon establishing a Telnet connection, the malware infects the system with the primary Medusa payload. The final Medusa payload also has incomplete support for receiving the "FivemBackdoor" and "Sshlogin" commands.