Security News

New PurpleFox botnet variant uses WebSockets for C2 communication
2021-10-20 12:39

The PurpleFox botnet has refreshed its arsenal with new vulnerability exploits and dropped payloads, now also leveraging WebSockets for C2 bidirectional communication. Although it's mainly based in China, the PurpleFox botnet still has a global presence through hundreds of compromised servers.

FreakOut Botnet Turns DVRs Into Monero Cryptominers
2021-10-13 20:17

Threat group FreakOut's Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero miner. Juniper Threat Labs researchers have issued a report detailing new activities from FreakOut, also known as Necro Python and Python.

MyKings botnet still active and making massive amounts of money
2021-10-13 17:14

The MyKings botnet is still actively spreading, making massive amounts of money in crypto, five years after it first appeared in the wild. Being one of the most analyzed botnets in recent history, MyKings is particularly interesting to researchers thanks to its vast infrastructure and versatile features, including bootkits, miners, droppers, clipboard stealers, and more.

FreakOut botnet now attacks vulnerable video DVR devices
2021-10-12 15:58

A new update to the FreakOut Python botnet has added a recently published PoC exploit for Visual Tools DVR in its arsenal to further aid in breaching systems. Researchers at Juniper Threat Labs have analyzed a recent sample of the malware, and warn that Visual Tools DVR VX16 4.2.28.0 from visual-tools.com is being targeted with an exploit for a CVE-less flaw.

Ukraine Arrests Operator of DDoS Botnet with 100,000 Compromised Devices
2021-10-11 21:46

Ukrainian law enforcement authorities on Monday disclosed the arrest of a hacker responsible for the creation and management of a "Powerful botnet" consisting of over 100,000 enslaved devices that was used to carry out distributed denial-of-service and spam attacks on behalf of paid customers. The Ukrainian police agency said it conducted a raid of the suspect's residence and seized their computer equipment as evidence of illegal activity.

WireX DDoS botnet admin charged for attacking hotel chain
2021-09-30 13:14

The US Department of Justice charged the admin of the WireX Android botnet for targeting an American multinational hotel chain in a distributed denial-of-service attack. Izzet Mert Ozek, the defendant, used the botnet which consisted of tens of thousands of enslaved Android devices - more than 120,000 based on the unique IP addresses observed in some WireX attacks - to target the company's online booking system website in August 2017.

MikroTik shares info on securing routers hit by massive Mēris botnet
2021-09-15 18:57

Latvian network equipment manufacturer MikroTik has shared details on how customers can secure and clean routers enslaved by the massive Mēris DDoS botnet over the summer. "As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched," a MikroTik spokesperson told BleepingComputer.

Mēris Botnet Hit Russia's Yandex With Massive 22 Million RPS DDoS Attack
2021-09-11 04:18

Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service attack by a new botnet called Mēris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second, dwarfing a recent botnet-powered attack that came to light last month, bombarding an unnamed Cloudflare customer in the financial industry with 17.2 million RPS. Russian DDoS mitigation service Qrator Labs, which disclosed details of the attack on Thursday, called Mēris - meaning "Plague" in the Latvian language - a "Botnet of a new kind."

Yandex Pummeled by Potent Meris DDoS Botnet
2021-09-10 16:31

Technical details tied to a record-breaking distributed-denial-of-service attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. Attackers, according to Qrator Labs, exploited a 2018 bug unpatched in more than 56,000 MikroTik hosts involved in the DDoS attack.