Security News

Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices
2022-06-17 23:11

The U.S. Department of Justice on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K. The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things devices, Android phones, and computers for use as a proxy service. "The RSOCKS botnet offered its clients access to IP addresses assigned to devices that had been hacked," the DoJ said in a press release.

International operation takes down Russian RSOCKS botnet
2022-06-17 19:38

A Russian-operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe. The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney's Office in the Southern District of California.

Russian RSocks botnet disrupted after hacking millions of devices
2022-06-17 14:17

The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT devices worldwide for use as proxy servers. A botnet is a swarm of devices that threat actors can remotely control to perform various actions, including DDoS attacks, crypto mining, and deploying additional malware.

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers
2022-06-15 20:12

A new Golang-based peer-to-peer botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement."

New botnet and cryptominer Panchan attacking Linux servers
2022-06-15 13:00

Akamai Security Research announced on Wednesday it has uncovered a new botnet attacking the Linux servers of telecom and education providers in Asia, Europe and the Americas.

New peer-to-peer botnet infects Linux servers with cryptominers
2022-06-15 13:00

A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. At the same time, it has powerful detection avoidance capabilities, such as using memory-mapped miners and dynamically detecting process monitoring to stop the mining module immediately.

Linux botnets now exploit critical Atlassian Confluence bug
2022-06-08 18:22

Several botnets are now using exploits targeting a critical remote code execution vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs. After proof-of-concept exploits were published online, cybersecurity firm GreyNoise said it detected an almost ten-fold increase in active exploitation, from 23 IP addresses attempting to exploit it to more than 200.

New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers
2022-06-01 03:16

"Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen," Israeli cybersecurity company Check Point said. The latest findings from Check Point build on a previous report from Zscaler in January 2022, which revealed the inner workings of the malware's C&C network encryption and communication protocol, noting its use of decoy servers to conceal the legitimate server and evade malware analysis systems.

New XLoader botnet uses probability theory to hide its servers
2022-05-31 15:45

Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation. XLoader already camouflaged its actual command and control servers in version 2.3 by hiding the real domain name in a configuration that includes 63 decoys.

EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities
2022-05-30 21:11

A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems. "The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week.