Security News

Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure
2022-02-25 05:39

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. Attributed to a Russia-based criminal enterprise called Wizard Spider, TrickBot started out as a financial trojan in late 2016 and is a derivative of another banking malware called Dyre that was dismantled in November 2015.

U.S., U.K. Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices
2022-02-24 13:33

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office routers, and network-attached storage devices," the agencies said.

New Golang botnet empties Windows users’ cryptocurrency wallets
2022-02-18 20:27

A new Golang-based botnet under active development has been ensnaring hundreds of Windows devices each time its operators deploy a new command and control server. First spotted in October 2021 by ZeroFox researchers who dubbed it Kraken, this previously unknown botnet uses the SmokeLoader backdoor and malware downloader to spread to new Windows systems.

Researchers Warn of a New Golang-based Botnet Under Continuous Development
2022-02-17 19:20

Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. The botnet - not to be confused with a 2008 botnet of the same name - is perpetuated using SmokeLoader, which chiefly acts as a loader for next-stage malware, allowing it to quickly scale in size and expand its network.

Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators
2022-02-17 17:28

Kraken has already spread like wildfire, but in the past few months, the malware's author has been tinkering away, adding more infostealers and backdoors. There's a new, still-under-development, Golang-based botnet called Kraken with a level of brawn that belies its youth: It's using the SmokeLoader malware loader to spread like wildfire and is already raking in a tidy USD $3,000/month for its operators, researchers report.

FritzFrog botnet grows 10x, hits healthcare, edu, and govt systems
2022-02-10 14:08

The FritzFrog botnet that's been active for more than two years has resurfaced with an alarming infection rate, growing tenfold in just a month while hitting healthcare, education, and government systems that expose an SSH server. Researchers at internet security company Akamai spotted a new version of the FritzFrog malware, which comes with interesting new functions, like using the Tor proxy chain.

FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors
2022-02-10 06:03

A peer-to-peer Golang botnet has resurfaced after more than a year to compromise servers belonging to entities in the healthcare, education, and government sectors within a span of a month, infecting a total of 1,500 hosts. Dubbed FritzFrog, "the decentralized botnet targets any device that exposes an SSH server - cloud instances, data center servers, routers, etc. - and is capable of running any malicious payload on infected nodes," Akamai researchers said in a report shared with The Hacker News.

BotenaGo Botnet Code Leaked to GitHub, Impacting Millions of Devices
2022-01-27 17:19

The BotenaGo botnet source code has been leaked to GitHub. Uploading of the source code to GitHub "can potentially lead to a significant rise of new malware variants as malware authors will be able to use the source code and adapt it to their objectives," Alien Labs security researcher Ofer Caspi wrote.

Abcbot Botnet Linked to Operators of Xanthe Cryptomining malware
2022-01-10 20:33

New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020. Attacks involving Abcbot, first disclosed by Qihoo 360's Netlab security team in November 2021, are triggered via a malicious shell script that targets insecure cloud instances operated by cloud service providers such as Huawei, Tencent, Baidu, and Alibaba Cloud to download malware that co-opts the machine to a botnet, but not before terminating processes from competing threat actors and establishing persistence.

New Phorpiex Botnet Variant Steals Half a Million Dollars in Cryptocurrency
2021-12-16 23:19

Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by a new variant of the Phorpiex botnet called Twizt that has resulted in the theft of virtual coins amounting to $500,000 over the last year. Israeli security firm Check Point Research, which detailed the attacks, said the latest evolutionary version "enables the botnet to operate successfully without active servers," adding it supports no less than 35 wallets associated with different blockchains, including Bitcoin, Ethereum, Dash, Dogecoin, Litecoin, Monero, Ripple, and Zilliqa, to facilitate crypto theft.