#botnet — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #botnet, aggregated by home.social.
-
Microsoft: Kazuar: Anatomy of a nation-state botnet https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/ #Microsoft #infosec #botnet #threatintel #threatintelligence #malware
-
Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers
Pulse ID: 6a02ae32b11ecc72977b2a1b
Pulse Link: https://otx.alienvault.com/pulse/6a02ae32b11ecc72977b2a1b
Pulse Author: Tr1sa111
Created: 2026-05-12 04:36:02
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DDoS #DoS #HoneyPot #InfoSec #OTX #OpenThreatExchange #bot #botnet #Tr1sa111
-
Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers
Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.
Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault
-
No consent dialog. No opt-out UI. Re-installs itself if the user removes it manually
Chrome is now LLM malware
Chrome on all OS, silently installs an LLM on your local machine, (like) true authentic malware. It's 2 to 4 GB (4096 MB) in size, taking up space I'm certain you have reserved for something else.
No consent dialog. No opt-out UI. Re-installs itself if the user removes it manually.
Google transformed Chrome into malware
With billions (10⁹) of installations, the climate burden is massive!
https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/
#Distributed #malware #Alphabet #Google #Chrome #silent #re #install #botnet #LLM #AI #Slop #Enshittification #programming #virus #fucked
-
DDoS Malware Exploiting Jenkins Servers to Attack Valve Source Gaming Infrastructure
A newly discovered DDoS botnet campaign abuses exposed Jenkins servers with weak authentication to deliver Windows and Linux payloads. The malware turns compromised hosts into bots and targets Valve Source Engine game servers using UDP floods, TCP push attacks, HTTP floods and query-based amplification attacks.
Pulse ID: 69f735ac2403f4a4cb9ca4c3
Pulse Link: https://otx.alienvault.com/pulse/69f735ac2403f4a4cb9ca4c3
Pulse Author: cryptocti
Created: 2026-05-03 11:46:52
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DDoS #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RCE #TCP #UDP #Windows #bot #botnet #cryptocti
-
DDoS-for-Hire Operation Exposed: How an Operator's Debug Build Unraveled a Commercial Game-Server Botnet
An exposed open directory on a Netherlands-hosted server revealed the complete operational toolkit of xlabs_v1, a Mirai-derived IoT botnet operated by an actor using the handle Tadashi. The operation provides DDoS-for-hire services specifically targeting game servers and Minecraft hosts through 21 distinct flood attack variants. The botnet exploits Android Debug Bridge (ADB) on TCP/5555 to compromise over 4 million potentially vulnerable IoT devices including Android TV boxes, smart TVs, and routers. The operation features bandwidth profiling to price-tier infected devices, ChaCha20 string encryption with cryptographic weaknesses, and competitor-eradication routines. Infrastructure analysis consolidated the entire operation within a single bulletproof /24 netblock in the Netherlands, with co-located cryptojacking infrastructure also identified.
Pulse ID: 69f25f09e5c3a33611f7cb16
Pulse Link: https://otx.alienvault.com/pulse/69f25f09e5c3a33611f7cb16
Pulse Author: AlienVault
Created: 2026-04-29 19:42:01
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #ChaCha20 #CryptoJacking #CyberSecurity #DDoS #DoS #Encryption #InfoSec #IoT #Minecraft #Mirai #OTX #OpenThreatExchange #RAT #TCP #TheNetherlands #bot #botnet #AlienVault
-
Do you have an old TP-Link router? The Mirai botnet is actively exploiting CVE-2023-33538 to take control of devices
Security researchers from Unit42 are warning about an ongoing campaign aimed at owners of older TP-Link routers. The targets are models no longer supported by the manufacturer (End-of-Life status): cybercriminals exploit the vulnerability designated CVE-2023-33538, which allows injection of malicious commands (RCE, Remote Command Execution). Analysing the samples, one can conclude that...
-
The Group Theory Inside Bedep's DGA
Bedep was an ad-fraud botnet active from late 2014 through 2015, delivered through the Angler exploit kit. It employed an unusually sophisticated domain generation algorithm that used real foreign exchange rates from the European Central Bank combined with advanced group theory mathematics to generate command-and-control domains. Unlike typical DGAs that rely solely on date-based seeds, Bedep's algorithm fetched currency exchange rates and UTC timestamps from legitimate public sources, making future domains unpredictable until the data was published. The malware implemented mathematical concepts including cyclic groups, primitive root generators, and modular arithmetic to ensure collision-free domain generation. This unique approach made it significantly harder for defenders to pre-compute and block domains compared to conventional DGAs, as the exchange rates couldn't be predicted in advance.
Pulse ID: 69e9525a37098f168ad6064f
Pulse Link: https://otx.alienvault.com/pulse/69e9525a37098f168ad6064f
Pulse Author: AlienVault
Created: 2026-04-22 22:57:30
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Europe #ICS #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RCE #bot #botnet #AlienVault
-
Untangling a Linux Incident With an OpenAI Twist (Part 2)
A Linux endpoint was simultaneously compromised by at least two distinct threat actors while the developer user relied on OpenAI's Codex AI agent for security remediation. Actor A deployed a cryptominer mining Monero to a private pool. Actor B installed a multi-revenue botnet including XMRig mining, residential proxy services, and bandwidth-selling components with eight different persistence mechanisms. Actor C, potentially affiliated with Actor B, executed mass data exfiltration of 15 categories including SSH keys, cloud credentials, and API tokens. The threat actors exploited CVE-2025-55182 (React2Shell) affecting Next.js and React applications. While Codex identified some threats, it lacked contextual awareness and privileged access needed for comprehensive incident response, creating additional noise that complicated SOC investigation. The endpoint was ultimately secured through managed EDR telemetry and expert SOC analysis.
Pulse ID: 69e95245cf3877ded3870cff
Pulse Link: https://otx.alienvault.com/pulse/69e95245cf3877ded3870cff
Pulse Author: AlienVault
Created: 2026-04-22 22:57:09
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cloud #CryptoMiner #CyberSecurity #EDR #Endpoint #InfoSec #Linux #OTX #OpenThreatExchange #Proxy #RAT #SMS #SSH #bot #botnet #AlienVault
-
Mirai Campaign Exploits Command Injection Vulnerability in D-Link Routers
Attackers are exploiting a command injection vulnerability in end-of-life D-Link routers to deploy Mirai malware and expand botnet operations.
Pulse ID: 69e95e18e14e580690a095ac
Pulse Link: https://otx.alienvault.com/pulse/69e95e18e14e580690a095ac
Pulse Author: cryptocti
Created: 2026-04-22 23:47:36
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #Malware #Mirai #OTX #OpenThreatExchange #RAT #Vulnerability #bot #botnet #cryptocti
-
Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign
Pulse ID: 69e6fbc6a60343d558ae3cc8
Pulse Link: https://otx.alienvault.com/pulse/69e6fbc6a60343d558ae3cc8
Pulse Author: Tr1sa111
Created: 2026-04-21 04:23:34
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #IoT #Mirai #OTX #OpenThreatExchange #Vulnerability #bot #botnet #Tr1sa111
-
Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign
Nexcorium is a multi-architecture Mirai variant exploiting CVE-2024-3721 in TBK DVR devices to build a botnet for distributed denial-of-service attacks. The campaign, attributed to Nexus Team based on custom HTTP headers, uses OS command injection to deliver malware across ARM, MIPS, and x86-64 architectures. The malware implements multiple persistence mechanisms including init configuration, startup scripts, systemd services, and cron jobs. It features XOR-encoded configurations, self-integrity checks, and self-replication capabilities. Attack capabilities include UDP flood, TCP SYN flood, TCP ACK flood, and VSE query flood among others. The botnet spreads through brute-force attacks using default credentials and exploits CVE-2017-17215 targeting Huawei HG532 devices, demonstrating typical IoT-focused botnet characteristics.
Pulse ID: 69e2824d25c0dbc3e1de156b
Pulse Link: https://otx.alienvault.com/pulse/69e2824d25c0dbc3e1de156b
Pulse Author: AlienVault
Created: 2026-04-17 18:56:13
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #ELF #GRIT #HTTP #ICS #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #RAT #RCE #SMS #TCP #UDP #Vulnerability #bot #botnet #AlienVault
-
📢⚠️ #Nexcorium, a new Mirai-based malware, is targeting DVR devices to turn them into a botnet for DDoS attacks worldwide.
Read: https://hackread.com/mirai-variant-nexcorium-dvr-devices-ddos-attacks/
-
A Deep Dive Into Attempted Exploitation of CVE-2023-33538
Active exploitation attempts targeting CVE-2023-33538 in end-of-life TP-Link Wi-Fi routers were identified after CISA added it to the KEV catalog in June 2025. The vulnerability affects several router models including TL-WR940N, TL-WR740N, and TL-WR841N. Observed attacks attempted to deploy Mirai-like botnet malware, specifically variants associated with the Condi IoT botnet. Through firmware emulation and reverse engineering, researchers confirmed the vulnerability exists but discovered that successful exploitation requires authentication. The in-the-wild attacks contained critical flaws: they targeted the wrong parameter (ssid instead of ssid1), lacked authentication, and relied on utilities not present in the router firmware. The command injection vulnerability in the WlanNetworkRpm endpoint allows remote attackers to execute arbitrary commands when authenticated. The malware establishes C2 communication and propagates across architectures. TP-Link confirmed affected devices are end-of-life with no patc...
Pulse ID: 69e1f0ddb1aa33b71576ca92
Pulse Link: https://otx.alienvault.com/pulse/69e1f0ddb1aa33b71576ca92
Pulse Author: AlienVault
Created: 2026-04-17 08:35:41
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #CISA #CyberSecurity #Endpoint #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #Vulnerability #bot #botnet #AlienVault
-
1 TB of proxies, bro.
Promise this is legit, bro.
Just sign up, bro.
We power proxies for about 10k teams, bro.
2.6M owned IPs, bro.
No credit card, bro.
I know the email address looks sketchy, bro.
It's definitely legit, bro.
You'll see the 1TB, bro.
-
Q1 2026 Malware Statistics Report for Linux SSH Servers
Analysis of attacks against Linux SSH servers during Q1 2026 reveals P2PInfect worm as the dominant threat, representing 70.3% of all attack sources. DDoS botnets including Mirai, XMRig, Prometei, and CoinMiner were identified as primary threats. A notable campaign involved installing V2Ray proxy tools on compromised systems, attributed to a suspected Chinese threat actor. Attackers employed SSH brute-force techniques to gain access, executed reconnaissance commands to assess system information, and deployed V2Ray for proxy node operations. The campaign targeted poorly secured SSH servers with weak credentials, emphasizing the need for strong password policies, access controls, and network monitoring to detect unusual outbound connections and proxy-related activities.
Pulse ID: 69de00c30406a5cbb6ba9eef
Pulse Link: https://otx.alienvault.com/pulse/69de00c30406a5cbb6ba9eef
Pulse Author: AlienVault
Created: 2026-04-14 08:54:27
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Chinese #CoinMiner #CyberSecurity #DDoS #DoS #ICS #InfoSec #Linux #Malware #Mirai #OTX #OpenThreatExchange #Password #Proxy #RAT #RCE #SSH #Word #Worm #bot #botnet #AlienVault
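The report above describes the access pattern (SSH brute force against weak credentials, then reconnaissance and proxy deployment) and recommends monitoring. The following is an added example, not code from the report, of the first detection a practitioner would want: an sshd auth-log scan that reports every accepted login preceded by a burst of failures from the same source within a short window. The log lines are constructed for this example in standard syslog/sshd format, and the threshold and window are assumed defaults.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd auth.log lines (made up for this example, not from the report).
SAMPLE_AUTH_LOG = """\
Apr 14 08:50:01 srv sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Apr 14 08:50:02 srv sshd[1202]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2
Apr 14 08:50:03 srv sshd[1203]: Failed password for root from 203.0.113.7 port 51244 ssh2
Apr 14 08:50:04 srv sshd[1204]: Failed password for root from 203.0.113.7 port 51250 ssh2
Apr 14 08:50:05 srv sshd[1205]: Failed password for root from 203.0.113.7 port 51255 ssh2
Apr 14 08:50:07 srv sshd[1206]: Accepted password for root from 203.0.113.7 port 51260 ssh2
Apr 14 08:52:10 srv sshd[1210]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Apr 14 08:52:20 srv sshd[1211]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
Apr 14 09:01:00 srv sshd[1220]: Accepted password for deploy from 192.0.2.44 port 33000 ssh2
"""

# Matches both "Failed password for invalid user X from IP" and "Accepted publickey for X from IP".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(line, year=2026):
    """Parse one sshd line into a dict, or None for unrelated lines.
    syslog timestamps carry no year, so the caller supplies one (assumed 2026 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def failure_counts(log_text):
    """Failed logins per source IP, to surface brute-force sources even when none succeed."""
    counts = defaultdict(int)
    for e in (parse(l) for l in log_text.splitlines()):
        if e and e["result"] == "Failed":
            counts[e["ip"]] += 1
    return dict(counts)


def find_bruteforce_logins(log_text, threshold=5, window_s=300):
    """Return (ip, user, method, failures) for each accepted login that was preceded
    by at least `threshold` failures from the same IP within `window_s` seconds."""
    events = [e for e in (parse(l) for l in log_text.splitlines()) if e]
    failures = defaultdict(list)
    hits = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "Failed":
            failures[e["ip"]].append(e["ts"])
            continue
        recent = [t for t in failures[e["ip"]] if (e["ts"] - t).total_seconds() <= window_s]
        if len(recent) >= threshold:
            hits.append((e["ip"], e["user"], e["method"], len(recent)))
        # A successful login resets the counter for that source.
        failures[e["ip"]].clear()
    return hits


if __name__ == "__main__":
    for ip, user, method, n in find_bruteforce_logins(SAMPLE_AUTH_LOG):
        print(f"brute-force success: {ip} logged in as {user} via {method} after {n} failures")
```

In the sample, only the root login from 203.0.113.7 is flagged: five password failures in six seconds followed by an accepted password login. A single typo before a key-based login does not cross the threshold, which keeps the rule quiet for ordinary users. Once such a hit is seen, the next step the report implies is to look at that host's outbound connections for the proxy traffic it describes.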
-
😐 Analytical report: the State of Texas lawsuit against TP-Link Systems Inc.
1. Substance of the lawsuit
The Attorney General of Texas has initiated legal proceedings against TP-Link Systems Inc. on several grounds:
Misleading origin labelling: products were marketed as "Made in Vietnam", while critical elements of manufacturing and the supply chain are tied to China.
Inaccurate security claims: the devices were positioned as secure-by-design despite numerous firmware vulnerabilities.
State-level cyber risks: according to the complaint, the vulnerabilities could be exploited by entities linked to Chinese state cyber operations.
---
2. Legal framework
The lawsuit is presumably based on:
Consumer protection law (Deceptive Trade Practices)
Data privacy regulation (state-level)
Potentially, national security provisions (if a link to state actors is proven)
---
3. Key demands of the prosecution
The court is asked to:
🚫 Prohibit "Made in Vietnam" claims without transparent detail
🌐 Compel disclosure of ties to Chinese entities
🔐 Restrict or suspend data collection without explicit user consent
🛠 Require remediation of backdoors and critical vulnerabilities
⚖️ Hold a jury trial
---
4. Technical aspect (cybersecurity)
The problem is not new for the SOHO equipment segment:
Frequent cases of hardcoded credentials
Vulnerabilities in the web interface and remote management API
Lack of timely security patches
Risk of the devices being used in botnet infrastructure (analogous to Mirai-like scenarios)
If the backdoor allegations are confirmed, this moves the case from the commercial to the geopolitical sphere.
---
5. Geopolitical context
This lawsuit fits a broader trend:
escalation of the US-China technology confrontation
heightened attention to supply chain transparency
the cases against Huawei and ZTE as precedents
TP-Link, as a mass-market supplier of network equipment, becomes a critical risk point because of the scale of its installed base.
---
6. Potential consequences
For TP-Link:
fines and forced changes to marketing policy
security audits of its products
reputational losses on the global market
For the market:
stricter origin disclosure requirements
a trend toward security certification for consumer-grade devices
redistribution of market share toward alternative brands
For users:
growing awareness of the risks of network equipment
demand for open-source firmware (OpenWRT-class solutions)
---
7. Conclusion
The lawsuit against TP-Link Systems Inc. is not only about labelling or marketing. It is a combined case at the intersection of cybersecurity, consumer law and geopolitics, one that may set new transparency standards for the entire network equipment segment.
---
#TPLink #Texas #кибербезпека #CyberSecurity #China #USA #DataPrivacy #Backdoor #IoT #RouterSecurity #Firmware #InfoSec #SupplyChain #TechWar #Huawei #ZTE #мережі #інтернетбезпека #botnet #вразливості #геополітика #санкції #аналіз #security #privacy
-
How Criminals Can Exploit the Blockchain Name Space
On March 19, Wired published an article on how the US Justice Department and law enforcement agencies of collaborating countries took down the command-and-control of several botnets that were used for a huge number of cyberattacks, such as Distributed Denial of Service attacks.
In this article, Interisle's Andy Malis looks at botnets generally and how they exploit the DNS. He then looks at a variation of the conventional botnet exploitation of the DNS that leverages the name space of the Ethereum blockchain.
https://interisle.substack.com/p/how-criminals-can-exploit-the-blockchain
-
It turns out #Mirai malware isn’t fading, it’s multiplying. Hundreds of Mirai-based variants now host massive botnet growth, exploiting weak IoT devices and evolving attack methods.
Read more: https://hackread.com/mirai-malware-variants-botnet-growth/
-
A successful blow against cybercrime! 🚨 International investigators from the USA, Germany & Canada have dismantled four powerful botnets (Aisuru, Kimwolf, JackSkid, Mossad), taking down over 3 million infected devices such as routers & webcams. Hundreds of thousands of DDoS attacks, including on US military sites, stopped. Administrators arrested in DE & CA. 💻🔒 https://www.n-tv.de/technik/Maechtige-Schadprogramme-fuer-Computer-lahmgelegt-id30492441.html #Cybersecurity #Botnet #DDoS #Cybercrime #Newz
-
This Week in Security: Linux Flaws, Python Ownage, and a Botnet Shutdown
-
The strategy of the (presumably AI-operated) botnet trying to spam the #fcz instance with fake accounts (for whatever purpose) is somewhat funny. They somehow figured out that I am a moderator, so the first thing these profiles do is block me.
Which makes my job extremely easy, as I really can just delete all accounts that block me (if it is the first thing they do: before posting anything, following anybody, or so). Of course, there is also a distinct pattern of weird mail servers they use.
The strategies of our new AI overlords remind me more of the "intelligence" of insects, like mosquitoes. Dumb, but the problem is the persistence of their activity...
-
KadNap: How a new botnet abuses thousands of Asus routers as proxy nodes
The malware relies on a decentralised peer-to-peer protocol to protect its command-and-control infrastructure from discovery, an approach that deliberately undermines conventional defence methods.
-
#Kimwolf #Botnet Swamps #Anonymity Network #I2P
For the past week, the massive "Internet of Things" (#IoT) botnet known as Kimwolf has been disrupting The #InvisibleInternetProject (#I2P), a decentralized, #encrypted communications network designed to #anonymize and secure online communications.
#privacy #security #encryption
https://krebsonsecurity.com/2026/02/kimwolf-botnet-swamps-anonymity-network-i2p/
-
New, from me: Who Operates the Badbox 2.0 Botnet?
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.
https://krebsonsecurity.com/2026/01/who-operates-the-badbox-2-0-botnet/
-
New, from me: The Kimwolf Botnet is Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/
-
New ‘Broadside’ Botnet Poses Risk to Shipping Companies https://www.securityweek.com/new-broadside-botnet-poses-risk-to-shipping-companies/ #Malware&Threats #IoTSecurity #Broadside #IoTbotnet #botnet #DVR
-
Leaky digital photo frames: a series of serious security vulnerabilities in popular devices
Reports on security problems in the IoT world are already part of our regular repertoire, yet, entangled in an ever denser web of hardware in this category, we often do not realise where the next threats lurk. This time we turn to a report by the Quokka team. The researchers examined popular digital frames...
#Aktualności #Android #Awareness #Botnet #Chiny #Fotografie #Malware #Md5 #PathTraversal #Quokka #Ramki #Szpiegostwo #Uhale #Wyciek