IcedID Botnet Distributors Abuse Google PPC to Distribute Malware

We analyze the latest changes in IcedID botnet from a campaign that abuses Google pay per click PPC ads to distribute IcedID via malvertising attacks...

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center MSTIC is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or...

Microsoft research uncovers new Zerobot capabilities

Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things IoT devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue to grow...

Microsoft research uncovers new Zerobot capabilities

Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things IoT devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue to grow...

Google Disruption Fails to Stop Glupteba Botnet

By Deeba Ahmed In December 2021, Google announced it had disrupted the Glupteba botnet and filed a lawsuit against two of its Russian operators, but it turns out the botnet is back and kicking. This is a post from HackRead.com Read the original post: Google Disruption Fails to Stop Glupteba Botne...

KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service

An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and...

Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It

The operators of the Glupteba botnet resurfaced in June 2022 as part of a renewed and "upscaled" campaign, months after Google disrupted the malicious activity. The ongoing attack is suggestive of the malware's resilience in the face of takedowns, cybersecurity company Nozomi Networks said in a...

Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

By Waqas Dubbed "MCCrash" by Microsoft, the DDoS botnet is currently targeting private Minecraft servers globally. This is a post from HackRead.com Read the original post: Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers...

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure...

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure...

A New GoLang Botnet named GoTrim BruteForcing multiple CMS

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new GoTrim botnet has been scanning and brute-forcing on the four Content Management Systems WordPress, DataLife Engine, Joomla!, and OpenCart websites. GoTrim botnet is written in Go Programming...

A Security Vulnerability in the KmsdBot Botnet

Security researchers found a software bug in the KmsdBot cryptomining botnet: With no error-checking built in, sending KmsdBot a malformed command­--like its controllers did one day while Akamai was watching­--created a panic crash with an "index out of range" error. Because theres no persistence...

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system CMS to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' t...

New Botnet named Zerobot Exploiting Multiple Vulnerabilities

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A new botnet named ‘Zerobot’ has two variants, both are written in Go programming language, the first variant discovered on 18 Nov 2022, and within a short time on 24 Nov 2022 second variant was...

Breaking the silence - Recent Truebot activity

Since August 2022, we have seen an increase in infections of Truebot aka Silence.Downloader malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several...

New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network

NOTE: In this blog, Zerobot refers to a botnet that spreads primarily through IoT and web application vulnerabilities. It is not associated with the chatbot ZeroBot.ai. A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen...

Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was...

A Syntax Error Led to Crashing of KmsdBot Cryptomining Botnet

By Deeba Ahmed The KmsdBot was known for targeting both Linux and Windows devices. This is a post from HackRead.com Read the original post: A Syntax Error Led to Crashing of KmsdBot Cryptomining Botnet...

Malware Authors 'Accidentally' Crash KmsdBot Cryptocurrency Mining Botnet

An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down by the threat actors themselves. KmsdBot, as christened by the Akamai Security Intelligence Response Team SIRT, came to light mid-November 2022 for its ability to...

Accidentally Crashing a Botnet

As part of our research into the cryptomining botnet kmsdbot, we rendered it useless...