Previously assessed as insignificant, DirtyMoe botnet infected over 100,000 Windows systems

The developers of the DirtyMoe botnet (which had been assessed as insignificant) added a worm-like spreading module to it, after which the malware infected more than 100,000 Windows systems. The DirtyMoe botnet, which allegedly operates from China, has grown exponentially over the past year. If in 2020 it consisted of 10 thousand infected systems, then in…

TeamTNT mining botnet infected over 50,000 systems in three months

Trend Micro warns that since March 2021, the TeamTNT mining botnet, run by the group of the same name, has successfully compromised more than 50,000 systems. The TeamTNT group has been active since at least April 2020 and started with attacks on misconfigured Docker installations, infecting them with miners and bots for DDoS attacks. Then it became known…

Prometei botnet attacks vulnerable Microsoft Exchange servers

Since the ProxyLogon patches have still not been applied, cybercriminals continue their activity; for example, the updated Prometei botnet attacks vulnerable Microsoft Exchange servers. Researchers from Cybereason Nocturnus discovered the Prometei malware, which mines the Monero cryptocurrency on vulnerable machines. In early March 2021, Microsoft engineers released unscheduled patches for four vulnerabilities in the Exchange mail…

DreamBus botnet attacks corporate applications on Linux servers

Zscaler analysts reported on the new DreamBus botnet, which attacks corporate applications on Linux servers. It is a variant of the SystemdMiner malware that appeared back in 2019. DreamBus has received a number of improvements over SystemdMiner. For example, the botnet mainly targets enterprise applications running on Linux systems, including PostgreSQL, Redis, Hadoop YARN, Apache…

PgMiner botnet attacks poorly protected PostgreSQL DBs

Palo Alto Networks has discovered the PgMiner botnet, which attacks and breaks into poorly protected PostgreSQL databases in order to install miners. This new Linux-based cryptocurrency-mining botnet exploits a PostgreSQL remote code execution (RCE) vulnerability to compromise database servers for cryptojacking. Cryptojacking (or simply malicious coin mining) is a common way for malware authors to monetize…

KashmirBlack botnet is behind attacks on popular CMS including WordPress, Joomla and Drupal

Researchers from Imperva have found that the KashmirBlack botnet, active since the end of 2019, is behind attacks on hundreds of thousands of websites powered by popular CMS platforms, including WordPress, Joomla, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart and Yeager. As a rule, the botnet uses the servers of infected sites to mine cryptocurrency, redirects legitimate…

P2P botnet Interplanetary Storm numbers more than 9,000 devices

Bitdefender experts have given a detailed description of how the P2P botnet Interplanetary Storm (aka IPStorm), which uses infected devices as proxies, operates. According to the researchers, the botnet includes more than 9,000 hosts (according to other sources, the number of infected devices exceeds 13,500), the vast majority of which are running Android, and about…

IPStorm botnet now attacks Android, macOS and Linux devices

Anomali specialists first noticed IPStorm in June 2019, when it attacked only Windows machines. It has now begun attacking Android, macOS and Linux devices. Previously, the botnet included about 3,000 infected systems, but even then the researchers discovered several strange and interesting features that were unique to IPStorm. For…

Twitter and Graphika neutralized Dracula propaganda botnet

Experts from the Graphika research group described how they managed to find and neutralize the Dracula botnet on Twitter. It consisted of about 3,000 bots that spread pro-Chinese political spam and repeated official messages published through government accounts. The botnet was discovered thanks to a rather exotic quirk of its creators: the vast majority…

Prometei botnet uses SMB for distribution

Cisco Talos has discovered a new botnet, Prometei, which has been active since March 2020 and is focused on mining the Monero (XMR) cryptocurrency. The researchers note that the Prometei botnet makes heavy use of the SMB protocol to spread. The malware mainly attacks users in the USA, Brazil, Pakistan, China, Mexico and Chile. During four months of activity,…