Security News

Hey webop geeks, you are already dead, a note claiming to be left by the REvil ransomware gang declared, embedded into the attack itself as a string of text in the URL for the extortion demand. In a post that detailed mitigation of a recent attack that hit up to 2.5 Mrps on a single website, Imperva's Nelli Klepfish shared several chest-thumping ransom notes - a screen capture of one is included below - that its targeted customer received before the attack started.

The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including recruiting devices into DDoS botnets and for planting cryptominers. The threat actor can then control this botnet to perform DDoS attacks against a specific target, depleting their resources and disrupting their online service.

Emotet is a sophisticated, constantly changing modular botnet. On November 14, 2021, Emotet was reborn with a new version.

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. Attributed to a Russia-based criminal enterprise called Wizard Spider, TrickBot started out as a financial trojan in late 2016 and is a derivative of another banking malware called Dyre that was dismantled in November 2015.

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office routers, and network-attached storage devices," the agencies said.

A new Golang-based botnet under active development has been ensnaring hundreds of Windows devices each time its operators deploy a new command and control server. First spotted in October 2021 by ZeroFox researchers who dubbed it Kraken, this previously unknown botnet uses the SmokeLoader backdoor and malware downloader to spread to new Windows systems.

Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. The botnet - not to be confused with a 2008 botnet of the same name - is perpetuated using SmokeLoader, which chiefly acts as a loader for next-stage malware, allowing it to quickly scale in size and expand its network.

Kraken has already spread like wildfire, but in the past few months, the malware's author has been tinkering away, adding more infostealers and backdoors. There's a new, still-under-development, Golang-based botnet called Kraken with a level of brawn that belies its youth: It's using the SmokeLoader malware loader to spread like wildfire and is already raking in a tidy USD $3,000/month for its operators, researchers report.

The FritzFrog botnet that's been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server. Researchers at internet security company Akamai spotted a new version of the FritzFrog malware, which comes with interesting new functions, like using the Tor proxy chain.

A peer-to-peer Golang botnet has resurfaced after more than a year to compromise servers belonging to entities in the healthcare, education, and government sectors within a span of a month, infecting a total of 1,500 hosts. Dubbed FritzFrog, "The decentralized botnet targets any device that exposes an SSH server - cloud instances, data center servers, routers, etc. - and is capable of running any malicious payload on infected nodes," Akamai researchers said in a report shared with The Hacker News.