Security News

MyloBot Botnet Spreading Rapidly Worldwide: Infecting Over 50,000 Devices Daily
2023-02-21 13:39

A sophisticated botnet known as MyloBot has compromised thousands of systems, with most of them located in India, the U.S., Indonesia, and Iran. "What makes Mylobot dangerous is its ability to download and execute any type of payload after it infects a host," Lumen's Black Lotus Labs said in November 2018.

New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices
2023-02-17 09:25

A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. "Once the vulnerable devices are compromised, they will be fully controlled by attackers and become a part of the botnet," Unit 42 researchers said.

New Mirai malware variant infects Linux devices to build DDoS botnet
2023-02-16 22:12

A new Mirai botnet variant tracked as 'V3G4' targets 13 vulnerabilities in Linux-based servers and IoT devices to use in DDoS attacks. The malware spreads by brute-forcing weak or default telnet/SSH credentials and exploiting hardcoded flaws to perform remote code execution on the target devices.

Medusa botnet returns as a Mirai-based variant with ransomware sting
2023-02-07 18:00

A new version of the Medusa DDoS botnet, based on Mirai code, has appeared in the wild, featuring a ransomware module and a Telnet brute-forcer. Medusa is an old malware strain being advertised in darknet markets since 2015, which later added HTTP-based DDoS capabilities in 2017.

Botnets exploited Realtek SDK critical bug in millions of attacks
2023-01-25 18:00

Hackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK 134 million attacks trying to infect smart devices in the second half of 2022. Unit 42 logged activity leveraging CVE-2021-35394 from all over the world but almost half of the attacks originated from the United States.

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities
2022-12-22 09:39

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. "The most recent distribution of Zerobot includes additional capabilities, such as exploiting vulnerabilities in Apache and Apache Spark, and new DDoS attack capabilities," Microsoft researchers said.

KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service
2022-12-20 12:24

An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. KmsdBot is a Go-based malware that leverages SSH to infect systems and carry out activities like cryptocurrency mining and launch commands using TCP and UDP to mount distributed denial-of-service attacks.

Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It
2022-12-19 13:09

The operators of the Glupteba botnet resurfaced in June 2022 as part of a renewed and "Upscaled" campaign, months after Google disrupted the malicious activity. Specifically, the botnet is designed to search the public Bitcoin blockchain for transactions related to wallet addresses owned by the threat actor so as to fetch the encrypted C2 server address.

Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet
2022-12-16 07:10

Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts.

A Security Vulnerability in the KmsdBot Botnet
2022-12-15 12:10

With no error-checking built in, sending KmsdBot a malformed command­-like its controllers did one day while Akamai was watching­-created a panic crash with an "Index out of range" error. Because there's no persistence, the bot stays down, and malicious agents would need to reinfect a machine and rebuild the bot's functions.