A new variant of the Mirai malware botnet has been detected, infecting low-cost Android TV set-top boxes. They are extensively used for media streaming by millions of people. The present Trojan is a fresh edition of the ‘Pandora’ backdoor initially identified in 2015, per the analytics. The campaign targets low-cost Android TV boxes such as… Continue reading Mirai variant “Pandora” infects Android TV for DDoS attacks.
Tag: botnet
QakBot Botnet Dismantled, But Can It Return?
On Tuesday, the US authorities announced that as a result of the international law enforcement operation “Duck Hunt,” the infamous Qakbot malware platform, which is linked to Russia, was destroyed. Cybercriminals actively use it to commit various financial crimes. Though, cybersecurity experts are not sure how deadly this operation was to the botnet. They predict… Continue reading QakBot Botnet Dismantled, But Can It Return?
Qakbot Botnet Hacked, Removed from Over 700,000 Machines
Qakbot, a notorious botnet, has been taken down by a multinational law enforcement operation spearheaded by the FBI, Operation “Duck Hunt”. The botnet, also called Qbot and Pinkslipbot, that considered one of the largest and longest-running botnets to date. According to conservative estimates, law enforcement officials have linked Qakbot to at least 40 ransomware attacks.… Continue reading Qakbot Botnet Hacked, Removed from Over 700,000 Machines
Botnet of 400,000 Devices Used as Proxy Nodes Uncovered
Cybercriminals used stealthy malware to create a botnet of 400,000 proxy servers. Although the company providing the proxy services claims that users voluntarily provided their devices, experts believe otherwise. A botnet of 400,000 proxy servers Cybersecurity researchers recently discovered a botnet with more than 400,000 existing proxy nodes. At first glance, the attackers appear as… Continue reading Botnet of 400,000 Devices Used as Proxy Nodes Uncovered
Condi Malware Builds a Botnet from TP-Link Routers
In May 2023, a new Condi malware, focused on DDoS for hire, appeared. It builds a botnet and conducts attacks using vulnerabilities in TP-Link Archer AX21 (AX1800) Wi-Fi routers. Fortinet experts report that the Condi malware targets the CVE-2023-1389 vulnerability associated with command injection without authentication. The bug allows remote code execution via the router… Continue reading Condi Malware Builds a Botnet from TP-Link Routers
New MDBotnet Malware Rapidly Expands a DDoS Network
MDBotnet is a new malware strain that appears to be a backbone of a botnet, used in DDoS-as-a-Service attacks. Being a backdoor biassed towards networking commands, it appears to be another sample of russian malware. Analysts already report about the IPs related to this botnet being used in DDoS attacks. Let’s see why it is… Continue reading New MDBotnet Malware Rapidly Expands a DDoS Network
GoTrim Malware Hacks WordPress Sites
Fortinet specialists have discovered a new GoTrim malware written in Go that scans the Internet for WordPress sites and brute-forces them by guessing the administrator password. Such attacks can lead to the deployment of malware, the introduction of scripts on websites to steal bank cards, the placement of phishing pages, and other attack scenarios that… Continue reading GoTrim Malware Hacks WordPress Sites
New Version of Truebot Exploits Vulnerabilities in Netwrix Auditor and Raspberry Robin Worm
Information security experts warned of an increase in the number of infections with the new version of TrueBot, primarily targeting users from Mexico, Brazil, Pakistan and the United States. According to Cisco Talos, malware operators have now moved from using malicious emails to alternative delivery methods, including exploiting an RCE vulnerability in Netwrix Auditor, as… Continue reading New Version of Truebot Exploits Vulnerabilities in Netwrix Auditor and Raspberry Robin Worm
Mirai Botnet RapperBot Conducts DDoS Attacks on Game Servers
The researchers warned that the RapperBot Mirai botnet has resumed activity, and now the updated malware is used for DDoS attacks on game servers, although the exact goals of the botnet are unknown. Let me remind you that we also wrote that Google revealed the most powerful DDoS attack in history, and also that MooBot… Continue reading Mirai Botnet RapperBot Conducts DDoS Attacks on Game Servers
Emotet Botnet Resumed Activity after Five Months of Inactivity
The Emotet botnet resumed activity and began sending out malicious spam again after a five-month break, during which the malware practically “lay low.” So far, Emotet is not delivering additional payloads to the infected devices of victims, so it is not yet possible to say exactly what this malicious campaign will lead to. Let me… Continue reading Emotet Botnet Resumed Activity after Five Months of Inactivity