In May 2023, a new Condi malware, focused on DDoS for hire, appeared. It builds a botnet and conducts attacks using vulnerabilities in TP-Link Archer AX21 (AX1800) Wi-Fi routers. Fortinet experts report that the Condi malware targets the CVE-2023-1389 vulnerability associated with command injection without authentication. The bug allows remote code execution via the router… Continue reading Condi Malware Builds a Botnet from TP-Link Routers
Tag: Botnet
New MDBotnet Malware Rapidly Expands a DDoS Network
MDBotnet is a new malware strain that appears to be a backbone of a botnet, used in DDoS-as-a-Service attacks. Being a backdoor biassed towards networking commands, it appears to be another sample of russian malware. Analysts already report about the IPs related to this botnet being used in DDoS attacks. Let’s see why it is… Continue reading New MDBotnet Malware Rapidly Expands a DDoS Network
GoTrim Malware Hacks WordPress Sites
Fortinet specialists have discovered a new GoTrim malware written in Go that scans the Internet for WordPress sites and brute-forces them by guessing the administrator password. Such attacks can lead to the deployment of malware, the introduction of scripts on websites to steal bank cards, the placement of phishing pages, and other attack scenarios that… Continue reading GoTrim Malware Hacks WordPress Sites
New Version of Truebot Exploits Vulnerabilities in Netwrix Auditor and Raspberry Robin Worm
Information security experts warned of an increase in the number of infections with the new version of TrueBot, primarily targeting users from Mexico, Brazil, Pakistan and the United States. According to Cisco Talos, malware operators have now moved from using malicious emails to alternative delivery methods, including exploiting an RCE vulnerability in Netwrix Auditor, as… Continue reading New Version of Truebot Exploits Vulnerabilities in Netwrix Auditor and Raspberry Robin Worm
Mirai Botnet RapperBot Conducts DDoS Attacks on Game Servers
The researchers warned that the RapperBot Mirai botnet has resumed activity, and now the updated malware is used for DDoS attacks on game servers, although the exact goals of the botnet are unknown. Let me remind you that we also wrote that Google revealed the most powerful DDoS attack in history, and also that MooBot… Continue reading Mirai Botnet RapperBot Conducts DDoS Attacks on Game Servers
Emotet Botnet Resumed Activity after Five Months of Inactivity
The Emotet botnet resumed activity and began sending out malicious spam again after a five-month break, during which the malware practically “lay low.” So far, Emotet is not delivering additional payloads to the infected devices of victims, so it is not yet possible to say exactly what this malicious campaign will lead to. Let me… Continue reading Emotet Botnet Resumed Activity after Five Months of Inactivity
The Updated Fodcha Botnet Reaches a Capacity of 1 Tb / s and Demands a Ransom Directly in DDoS Packets
Qihoo 360 (360 Netlab) experts have warned about the emergence of an updated version of the Fodcha botnet, which embeds ransom demands directly into DDoS packets and has new infrastructure hiding functionality. Let me remind you that the Fodcha botnet was discovered in the spring of this year, and even experts reported that the threat… Continue reading The Updated Fodcha Botnet Reaches a Capacity of 1 Tb / s and Demands a Ransom Directly in DDoS Packets
MooBot Botnet Attacks D-Link Routers
Experts have discovered that the MooBot botnet, built on the Mirai IoT malware, attacks vulnerable D-Link routers using a combination of old and new exploits against them. Let me remind you that we also talked about ZuoRAT Trojan Hacks Asus, Cisco, DrayTek and NETGEAR Routers, and also that Information security specialists disclosed details of five… Continue reading MooBot Botnet Attacks D-Link Routers
ZuoRAT Trojan Hacks Asus, Cisco, DrayTek and NETGEAR Routers
Lumen Black Lotus Labs has discovered a new Remote Access Trojan (RAT) called ZuoRAT, attacking remote workers’ routers in North America and Europe since 2020. The malware appeared in the first months of the COVID-19 pandemic but remained unnoticed for more than two years. The researchers write that the complexity of this targeted campaign, as… Continue reading ZuoRAT Trojan Hacks Asus, Cisco, DrayTek and NETGEAR Routers
The US Department of Justice Reports a Russian Botnet Dismantled
RSOCKS Russian Botnet Is No More as a Result of a Joint Operation According to the June 16 report by the US Department of Justice, the activity of a Russian botnet RSOCKS has been stopped in a joint operation by the US, German, Dutch, and British law enforcement agencies. RSOCKS is responsible for hacking millions… Continue reading The US Department of Justice Reports a Russian Botnet Dismantled