botnet
-
Blog
New PumaBot botnet brute forces SSH credentials to breach devices
A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. The targeted nature of PumaBot is also evident by the fact it targets specific IPs based on lists pulled from a command-and-control (C2) server instead of broader scanning of the internet. Targeting surveillance cams Darktrace documented PumaBot in a report…
Read More » -
Blog
US indicts leader of Qakbot botnet linked to ransomware attacks
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. As per court documents, Gallyamov started to develop Qakbot (also known as Qbot and Pinkslipbot) in 2008 and deployed it to create a network of thousands of infected computers. Over time, a team…
Read More » -
Blog
FBI takes down botnet exploiting aging routers
The FBI and Dutch police have taken down two botnets and indicted four people believed to have been behind it. The botnet involved thousands of older wireless internet routers worldwide, installing malware that allowed them to be reconfigured and then making them available for sale as proxy servers on the Anyproxy.net and 5socks.net websites. Both website domains were managed by…
Read More » -
Blog
Police dismantles botnet selling hacked routers as residential proxies
Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. The U.S. Justice Department also indicted three Russian nationals (Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin) and a Kazakhstani (Dmitriy Rubtsov) for their involvement in operating, maintaining, and…
Read More » -
Blog
Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up sting
Europol has detained several people believed to be involved in a botnet operation as part of a follow-up to a major takedown last year. Following the Operation Endgame investigation, major malware droppers including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, were shut down last year. According to Europol, analysis of the contents of a seized database enabled it to identify customers…
Read More » -
Blog
Unpatched Edimax IP camera flaw actively exploited in botnet attacks
A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. The flaw was discovered by Akamai researchers, who confirmed to BleepingComputer that the flaw is exploited in attacks that are still ongoing. Akamai researcher Kyle Lefton told BleepingComputer that they will provide more technical details about the flaw and…
Read More » -
Blog
New Eleven11bot botnet infects 86,000 devices for DDoS attacks
A new botnet malware named ‘Eleven11bot’ has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. The botnet, which is loosely linked to Iran, has already launched distributed denial of service (DDoS) attacks targeting telecommunication service providers and online gaming servers. Eleven11bot was discovered by Nokia researchers who shared the details with…
Read More » -
Blog
Vo1d malware botnet grows to 1.6 million Android TVs worldwide
A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. This is according to an investigation by Xlab, which has been tracking the new campaign since last November, reporting that the botnet peaked on January 14, 2025, and currently has 800,000 active…
Read More » -
Blog
New Aquabotv3 botnet malware targets Mitel command injection flaw
A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. The activity was discovered by Akamai’s Security Intelligence and Response Team (SIRT), who reports that this is the third variant of Aquabot that falls under their radar. The malware family was introduced in 2023, and a second…
Read More » -
Blog
MikroTik botnet uses misconfigured SPF DNS records to spread malware
A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. The threat actor takes advantage of an improperly configured DNS record for the sender policy framework (SPF) used for listing all the servers authorized to send emails on behalf of a domain.…
Read More »