Proxylogon: A Coinminer, a Ransomware, and a Botnet Join the Party

Our telemetry showed three malware families taking advantage of the ProxyLogon vulnerability beginning in March: the coinminer LemonDuck was sighted first, quickly followed by the ransomware BlackKingdom, then the Prometei botnet...

Emotet Malware Destroys Itself From All Infected Computers

Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emote...

Prometei botnet uses NSA exploit, hits unpatched MS exchange servers

By Waqas Unpatched MS Exchange Servers are being hunted by Prometei botnet to expand its army of Monero cryptocurrency mining bots. This is a post from HackRead.com Read the original post: Prometei botnet uses NSA exploit, hits unpatched MS exchange servers...

Prometei Botnet Could Fire Up APT-Style Attacks

A heretofore little-seen botnet dubbed Prometei is taking a page from advanced persistent threat APT cyberattackers: The malware is exploiting two of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon, in order to drop a Monero cryptominer on its targets. It’s also highly...

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate...

Hacked Android phones mimicked connected TV products for fake ad views

By Deeba Ahmed Hackers used malware to hack devices to create an Android ad fraud botnet called 'Pareto' that mimicked connected TV products. This is a post from HackRead.com Read the original post: Hacked Android phones mimicked connected TV products for fake ad views...

Tor-Based Botnet Malware Targets Linux Systems, Abuses Cloud Management Tools

We found a botnet malware campaign targeting Linux systems, abusing the Tor network for proxies, and exploiting cloud infrastructure management tools for intrusion...

Gafgyt Botnet Lifts DDoS Tricks from Mirai

Several variants of the Gafgyt Linux-based botnet malware family have incorporated code from the infamous Mirai botnet, researchers have discovered. Gafgyt a.k.a. Bashlite is a botnet that was first uncovered in 2014. It targets vulnerable internet of things IoT devices like Huawei routers, Realt...

Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers

Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port...

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of i...

Strafer - A Tool To Detect Potential Infections In Elasticsearch Instances

Elasticsearch infections are rising exponentially. The adversaries are exploiting open and exposed Elasticsearch interfaces to trigger infections in the cloud and non-cloud deployments. During this talk, we will release a tool named "STRAFER" to detect potential infections in the Elasticsearch...

Illegal Content and the Blockchain

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have...

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...

QBOT Botnet C2 Panel - Authentication Bypass Vulnerability

A vulnerability exists in the Qbot botnet C2, in the code that performs the login. A remote attacker can exploit it to bypass the authentication, having the ability to control the botnet and perform action as an authenticated user, like taking control of the botnet. This Botnet has a lot of...

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service DDoS attacks. Researchers first discover...

Ryuk ransomware develops worm-like capability

The French governments computer emergency readiness team, thats part of the National Cybersecurity Agency of France, or ANSSI, has discovered a Ryuk variant that has worm-like capabilities during an incident response. For those unacquainted with Ryuk, it is a type of ransomware that is used in...

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of informatio...

Botnet Abusing Bitcoin Blockchain To Evade Detection

By Deeba Ahmed Cybercriminals are abusing Bitcoin transactions to carry out illegal crypto mining operations while staying under the radar. This is a post from HackRead.com Read the original post: Botnet Abusing Bitcoin Blockchain To Evade Detection...

Bitcoins, Blockchains, and Botnets

A recent piece of malware from a known crypto mining botnet campaign has started leveraging Bitcoin blockchain transactions in order to hide its backup C2 IP address. It's a simple, yet effective, way to defeat takedown attempts...