ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks
A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to...
Meet the Administrators of the RSOCKS Proxy Botnet
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the "RSOCKS" botnet, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone else's computer...
Feds Dismantle Russian Rsocks Botnet Powered by Millions of IoT Devices
By Deeba Ahmed. The hackers behind Rsocks botnet used the hacked IoT devices as proxy servers where its customers would pay…
Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices
The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K. The botnet, operated by a sophisticated cybercrime organization, ...
Cloudflare Thwarted Largest Ever HTTPS DDoS Attack
By Deeba Ahmed. The DDoS attack originated from 121 countries and was powered by a small botnet of only 5,067 hacked…
Record breaking HTTPS DDoS attack
Last week, Cloudflare blocked the largest HTTPS DDoS attack on record. The attack amassed some 26 million requests per second (rps). The previous record for an HTTPS DDoS attack was 15.3 million rps. The attack targeted an unnamed Cloudflare customer and originated mostly from Cloud Service Provider...
Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers
A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware...
Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!”
Akamai researchers have discovered a new P2P botnet targeting APJ. Read about it here...
Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second
Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed...
New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers
An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. "Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers amon...
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
A rapidly evolving IoT malware dubbed “EnemyBot” is targeting content management systems (CMS), web servers and Android devices. Threat actor group “Keksec” is believed behind the distribution of the malware, according to researchers. “Services such as VMware Workspace ONE, Adobe ColdFusion,...
EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities
A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). "The malware is rapidly adopting one-day vulnerabilities as part of its...
Fronton IOT Botnet Packs Disinformation Punch
A fresh look at the Fronton DDoS-focused botnet reveals the criminal tool has more capabilities than previously known. The Fronton botnet first made headlines in March 2020. That is when, according to news reports, a hacktivist group called Digital Revolution said it obtained documents claimin...
Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns
Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research. "Fronton is a system developed for coordinated inauthentic behavior on a massive scale," threat intelligence firm Nisos said in a report...
A week in security (May 16 – 22)
Last week on Malwarebytes Labs: Fake reCAPTCHA forms dupe users via compromised WordPress sites; How COVID-19 fuelled a surge in malware; Why MRG-Effitas matters to SMBs; “Look what I found here” phish targets Facebook users; AirTag stalking: What is it, and how can I avoid it?; Long lost @ symbol get...
Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices
A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to the latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its...
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
During the first quarter of 2022, we discovered a significant number of infections using multiple new Emotet variants that employed both old and new techniques to trick their intended victims into accessing malicious links and enabling macro content...
Sysrv botnet is out to mine Monero on your Windows and Linux servers
In a Twitter thread, the Microsoft Security Intelligence team have revealed new information about the latest versions of the Sysrv botnet. The variant they focused on uses a range of known exploits for vulnerabilities in web apps and databases to install cryptocurrency miners on both Windows and...
Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR
Trend Micro’s Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report...