Security News

A new Mirai botnet variant tracked as 'V3G4' targets 13 vulnerabilities in Linux-based servers and IoT devices to use in DDoS attacks. The malware spreads by brute-forcing weak or default telnet/SSH credentials and exploiting hardcoded flaws to perform remote code execution on the target devices.

A new version of the Medusa DDoS botnet, based on Mirai code, has appeared in the wild, featuring a ransomware module and a Telnet brute-forcer. Medusa is an old malware strain being advertised in darknet markets since 2015, which later added HTTP-based DDoS capabilities in 2017.

Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service attack launched by a Mirai botnet. Characterizing it as a "Multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack targeted the Minecraft server Wynncraft in Q3 2022.

A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service attacks," Palo Alto Networks Unit 42 said in a Tuesday report.

Recently reported VMware bugs are being used by hackers who are focused on using them to deliver Mirai denial-of-service malware and exploit the Log4Shell vulnerability. Security researchers at Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and CVE-2022-22960, both reported last month.

A threat group that pursues crypto mining and distributed denial-of-service attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things devices since last month. "This botnet is mainly derived from Gafgyt's source code but has been observed to borrow several modules from Mirai's original source code," Fortinet FortiGuard Labs said in a report this week.

The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. The development comes as the U.S. Cybersecurity and Infrastructure Security Agency earlier this week added the Spring4Shell vulnerability to its Known Exploited Vulnerabilities Catalog based on "Evidence of active exploitation."

A prolific threat group known for deploying distributed denial-of-service and cryptomining attacks is running a new botnet that is built using the Linux-based Gafgyt source code along with some code from the Mirai botnet malware. Keksec is using the Enemybot malware as a classic botnet, rolling up compromised Internet of Things devices into a larger botnet that can be used to launch DDoS attacks.

There has been a land rush of sorts among threat groups trying to use the vulnerability discovered in the open-source Spring Framework last month, and now researchers at Trend Micro are saying it's being actively exploited to execute the Mirai botnet. The Mirai malware is a long-running threat that has been around since 2016 and is used to pull smaller networked and Internet of Things devices such as IP cameras and routers into a botnet that can then be used in such campaigns as distributed denial-of-service and phishing attacks.

The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS attacks. Spring4Shell is a critical remote code execution vulnerability tracked as CVE-2022-22965, affecting Spring Framework, a widely used enterprise-level Java app development platform.