botnet

FritzFrog Botnet Exploits Log4Shell on Overlooked Internal Hosts

by

February 1, 2024 at 02:52PM The new variant of the botnet “FritzFrog” utilizes Log4Shell to target unpatched internal network assets. Unlike traditional Log4Shell attacks, it spreads through weak SSH passwords and Log4Shell vulnerabilities internally. This sophisticated botnet also exploits CVE-2021-4034 and employs stealth tactics, resulting in over 20,000 attacks since 2020. Mitigation involves strengthening passwords … Read more

PurpleFox malware infected thousands of systems in Ukraine

by

February 1, 2024 at 12:15PM CERT-UA warns of the PurpleFox malware infecting over 2,000 Ukrainian computers with potential backdoor, DDoS, and downloader capabilities. It utilizes a rootkit to persist and conceal its presence. CERT-UA provides methods to detect and remove the malware, including checking network connections, registry values, event logs, and specific file locations, and … Read more

Bigpanzi botnet infects 170,000 Android TV boxes with malware

by

January 17, 2024 at 01:57PM Summary: The cybercrime syndicate ‘Bigpanzi’ has been infecting Android TV and eCos set-top boxes to create a large botnet used for illegal activities, including media streaming, DDoS attacks, and content provision. Their customized malware, pandoraspear and pcdn, poses serious cybersecurity threats. The scale of their operations, involving over 1.3 million … Read more

US Gov Issues Warning for Androxgh0st Malware Attacks

by

January 17, 2024 at 11:36AM CISA and FBI have issued a joint advisory warning about Androxgh0st malware creating a botnet to target vulnerable networks. The malware primarily targets .env files containing sensitive information for AWS, Microsoft Office 365, SendGrid, and Twilio. It can abuse SMTP for scanning, exploit stolen credentials and APIs, and deploy web … Read more

Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

by

January 17, 2024 at 06:39AM CISA and FBI warn of AndroxGh0st malware creating a botnet for victim identification and exploitation. Capable of infiltrating servers with known security flaws, it targets credentials for platforms like AWS and Microsoft Office 365. Features enable SMTP abuse and persistent access to compromised systems. Related tools include FBot and spike … Read more

FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

by

January 16, 2024 at 12:41PM CISA and the FBI warn about Androxgh0st malware, which is being used to create a botnet targeting cloud credential theft. The botnet exploits vulnerabilities in frameworks and servers. Additionally, it steals sensitive information, deploys malicious tools, and conducts spam campaigns. The agencies advise on mitigation measures to limit the impact … Read more

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

by

January 10, 2024 at 11:39AM The new Mirai-based botnet NoaBot is used by threat actors for a crypto mining campaign since 2023. It includes a wormable self-spreader and an SSH key backdoor, and has been linked to a Rust-based malware called P2PInfect. NoaBot’s unique features make it difficult to detect, and it has targeted 849 … Read more

Bangladesh Election App Crashes Amid Suspected Cyberattack

by

January 9, 2024 at 10:56AM Ukraine and Germany are accused of launching a cyberattack to disrupt a Bangladesh national election app. The app, used to provide election updates and candidate data, is impacted by slow performance. Although the exact nature of the attack is not specified, it’s suspected to be caused by botnets from Ukraine … Read more

Fresh Qakbot Sightings Confirm Recent Takedown Was a Temporary Setback

by

December 19, 2023 at 06:22PM Qakbot malware has resurfaced, distributed through phishing emails targeting hospitality organizations. Microsoft, Zscaler, and Proofpoint reported sightings of a new 64-bit version using AES encryption. Despite a takedown in August, Qakbot’s operators continue distributing other malware. Lumu observed 1,581 attempted attacks in September, indicating the group’s resilience. The group’s continued … Read more

Qakbot’s backbot: FBI-led takedown keeps crims at bay for just 3 months

by

December 19, 2023 at 04:33AM Qakbot malware has resurged with a new phishing campaign targeting the hospitality sector. The gang uses malicious PDF attachments disguised as IRS documents to distribute the malware. Despite earlier efforts to take it down, Qakbot has reappeared, demonstrating the challenge of combating cybercrime. Similar to Emotet’s revival, Qakbot’s resurgence poses … Read more