ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

2023-10-12 11:27
The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. "The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value," the AhnLab Security Emergency Response Center (ASEC)
News URL
https://thehackernews.com/2023/10/shellbot-uses-hex-ips-to-evade.html
Related news
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
- Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
- Linux 'io_uring' security blindspot allows stealthy rootkit attacks
- Hitachi Vantara takes servers offline after Akira ransomware attack
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
- Samsung MagicINFO 9 Server RCE flaw now exploited in attacks
- Chinese hackers behind attacks targeting SAP NetWeaver servers
- Hackers now testing ClickFix attacks against Linux targets
- New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
- China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil