January 10, 2024 at 11:39AM
The new Mirai-based botnet NoaBot is used by threat actors for a crypto mining campaign since 2023. It includes a wormable self-spreader and an SSH key backdoor, and has been linked to a Rust-based malware called P2PInfect. NoaBot’s unique features make it difficult to detect, and it has targeted 849 victims worldwide.
Based on the meeting notes, it appears that a new botnet called NoaBot is being used in a cryptocurrency mining campaign. NoaBot is based on the Mirai botnet and has a wormable self-spreader and an SSH key backdoor. It is also linked to a malware family called P2PInfect, which recently received an update to target routers and IoT devices.
NoaBot employs obfuscation tactics to evade detection by antivirus engines and uses a modified version of the XMRig coin miner. Notably, it does not contain information about the mining pool or the wallet address, making it challenging to assess the profitability of the mining scheme. Akamai has identified 849 victim IP addresses to date, with high concentrations reported in China.
To mitigate the risks posed by NoaBot, it is recommended to restrict arbitrary internet SSH access to networks and use strong, non-default passwords. Additionally, it is advised to follow the content posted on Twitter and LinkedIn for more exclusive information.
Is there anything specific you would like to do with this information?