Security News

FBI-Led Global Effort Takes Down Massive Qakbot Botnet
2023-08-30 23:18

After more than 15 years in the wild, the Qakbot botnet, a zombie network of over 700,000 computers worldwide, is hanging on the FBI's trophy wall for now. A multinational action called Operation "Duck Hunt" - led by the FBI, the Department of Justice, the National Cybersecurity Alliance, Europol, and crime officials in France, Germany, the Netherlands, Romania, Latvia and the U.K. - was able to gain access to the Qakbot network and shut down the malicious botnet, which has affected 700,000 computers worldwide.

Qakbot botnet disrupted, malware removed from 700,000+ victim computers
2023-08-29 18:10

The Qakbot botnet has been crippled by the US Department of Justice: 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world. "To disrupt the botnet, the FBI was able to redirect Qakbot botnet traffic to and through servers controlled by the FBI, which in turn instructed infected computers in the United States and elsewhere to download a file created by law enforcement that would uninstall the Qakbot malware. This uninstaller was designed to untether the victim computer from the Qakbot botnet, preventing further installation of malware through Qakbot," the Department explained.

Qakbot botnet dismantled after infecting over 700,000 computers
2023-08-29 16:54

Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded by the FBI and known as Operation 'Duck Hunt.' [...]

Massive 400,000 proxy botnet built with stealthy malware infections
2023-08-16 15:31

Researchers have uncovered a massive campaign that delivered proxy server apps to at least 400,000 Windows systems. Some proxy companies sell access to residential proxies and offer monetary rewards to users who agree to share their bandwidth.

P2PInfect server botnet spreads using Redis replication feature
2023-07-31 15:31

Threat actors are actively targeting exposed instances of SSH and Redis Redis open-source data store with a peer-to-peer self-replicating worm with versions for both Windows and Linux that the malware authors named P2Pinfect. After compromising a vulnerable Redis instance with an initial payload, P2PInfect downloads new OS-specific scripts and malicious binaries and adds the server to its list of infected systems.

AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
2023-07-31 09:25

More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office routers as part of a multi-year campaign active since at least May 2021. AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victim's bandwidth for what appears to be an illegal proxy service made available for other actors.

Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining
2023-07-27 10:46

Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come...

DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks
2023-07-21 09:03

Several distributed denial-of-service botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems. "Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central America, North America, East Asia, and South Asia," Fortinet FortiGuard Labs researcher Cara Lin said.

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries
2023-07-14 07:40

A new malware strain has been found covertly targeting small office/home office routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such strain to focus on SOHO routers after ZuoRAT and HiatusRAT over the past year.

AVrecon malware infects 70,000 Linux routers to build botnet
2023-07-14 06:35

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service. According to Lumen's Black Lotus Labs threat research team, while the AVrecon remote access trojan compromised over 70,000 devices, only 40,000 were added to the botnet after gaining persistence.