Security News > 2023 > June > New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks

A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 Wi-Fi routers to rope the devices into a distributed denial-of-service botnet.
"The Telegram channel was started in May 2022, and the threat actor has been monetizing its botnet by providing DDoS-as-a-service and selling the malware source code," security researchers Joie Salvio and Roy Tay said.
Fortinet said it came across other Condi samples that exploited several known security flaws for propagation, suggesting that unpatched software is at risk of being targeted by botnet malware.
The aggressive monetization tactics aside, Condi aims to ensnare the devices to create a powerful DDoS botnet that can be rented by other actors to orchestrate TCP and UDP flood attacks on websites and services.
The Tsunami botnet malware used in the attack is a new variant called Ziggy that shares significant overlaps with the original source code.
"Administrators should use passwords that are difficult to guess for their accounts and change them periodically to protect the Linux server from brute force attacks and dictionary attacks and update to the latest patch to prevent vulnerability attacks," ASEC said.
News URL
https://thehackernews.com/2023/06/new-condi-malware-hijacking-tp-link-wi.html
Related news
- New Eleven11bot botnet infects 86,000 devices for DDoS attacks (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- DDoS attacks reportedly behind DayZ and Arma network outages (source)
- Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- Unpatched Edimax IP camera flaw actively exploited in botnet attacks (source)
- 94% of Wi-Fi networks lack protection against deauthentication attacks (source)
- New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions (source)