Tag: botnet
-
14.000 Router infiziert: Wie vor allem Asus-Geräte von Hackern als Botnetz genutzt werden
First seen on t3n.de Jump to article: t3n.de/news/asus-router-botnetz-14000-geraete-infiziert-hacker-1733632/
-
âš¡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling.This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real life, too. There’s a…
-
RondoDox Botnet Scales Up, Exploiting 174 Vulnerabilities via Residential IPs
RondoDox is a Mirai”‘style botnet that has quickly evolved into a highly automated exploitation engine, chaining 174 vulnerabilities with large”‘scale use of compromised residential IP infrastructure.”‹ This explosive growth widens the global attack surface, especially as many vendors still ship devices with weak security controls and poor patch practices. Previous research has already highlighted systemic…
-
14.000 Router infiziert: Wie die Geräte von Kriminellen als Botnetz genutzt werden
First seen on t3n.de Jump to article: t3n.de/news/14-000-router-infiziert-wie-die-geraete-von-kriminellen-als-botnetz-genutzt-werden-1733632/
-
US and European authorities disrupt socksEscort proxy service tied to AVrecon botnet
Authorities in the US and Europe disrupted the SocksEscort proxy service, which used the AVrecon botnet and infected about 360,000 devices since 2020. Law enforcement agencies in the US and Europe have disrupted SocksEscort, a malicious proxy service powered by the AVrecon botnet. Active since 2020, the service hijacked roughly 360,000 devices and allowed cybercriminals…
-
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud.”SocksEscort infected home and small business internet routers with malware,” the U.S. Department of Justice (DoJ) said. “The malware allowed SocksEscort to direct internet First seen on thehackernews.com…
-
Breach Roundup: Russian State Actors Target Signal, WhatsApp
Also, More ClickFix Attacks and Teen Booters Arrested in Poland. This week, Russian hackers targeted Signal and WhatsApp users, permit-fee phishing hit U.S. applicants, ClickFix on WordPress sites, Microsoft patched 80 bugs, a 14K-router botnet, Polish teens held over DDoS tools and Finland warned of Russian, Chinese espionage. North Korean IT workers for hire. First…
-
Authorities takedown global proxy network SocksEscort
The botnet, which compromised routers and IoT devices in 163 countries, claimed about 369,000 victims and $5.8 million from its cybercriminal customers, officials said. First seen on cyberscoop.com Jump to article: cyberscoop.com/socksescort-proxy-network-botnet-takedown/
-
Law enforcement shuts down botnet made of tens of thousands of hacked routers
An international law enforcement operation shut down a service called SocksEscort, which allegedly helped cybercriminals all over the world launch ransomware and DDoS attacks, as well as distribute child sexual abuse material. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/12/law-enforcement-shuts-down-botnet-made-of-tens-of-thousands-of-hacked-routers/
-
4,000+ Routers Compromised by KadNap Malware Exploiting Vulnerabilities
A newly uncovered malware campaign dubbed KadNap has silently conscripted more than 14,000 internet”‘exposed routers and edge devices into a stealth proxy botnet, with Asus routers the primary victims. More than 60% of known victims are located in the United States, with additional infections observed in Taiwan, Hong Kong, Russia, and other countriesHow KadNap Infects Routers The…
-
KadNap bot compromises 14,000+ devices to route malicious traffic
KadNap malware infects 14,000+ edge devices, mainly Asus routers, turning them into a stealth proxy botnet used to route malicious internet traffic. KadNap malware infects more than 14,000 edge devices, mainly ASUS routers, and turns them into a proxy botnet used to route malicious traffic. First detected in August 2025, the campaign heavily targets the…
-
Inside Kimwolf Traffic: How Residential Proxies Fuel Credential Stuffing, Web Scraping, Fraud
DataDome analyzed Kimwolf botnet traffic targeting businesses. See how residential proxies fuel credential stuffing, web scraping, and fraud attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/inside-kimwolf-traffic-how-residential-proxies-fuel-credential-stuffing-web-scraping-fraud/
-
KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
Cybersecurity researchers have discovered a new malware called KadNap that’s primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic.The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus…
-
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-kadnap-botnet-hijacks-asus-routers-to-fuel-cybercrime-proxy-network/
-
How Threat Actors Turned OpenClaw Into a Scraping Botnet
How did OpenClaw become botnet infrastructure so quickly? DataDome analyzes the hijacked AI agents scraping sites at scale and how we detect them. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/how-threat-actors-turned-openclaw-into-a-scraping-botnet/
-
Zerobot Malware Exploits Tenda Command Injection Vulnerabilities to Deploy Malicious Payloads
An active Zerobot campaign abusing two critical vulnerabilities CVE-2025-7544 in Tenda AC1206 routers and CVE-2025-68613 in the n8n workflow automation platform to deploy a Mirai-based payload dubbed Zerobotv9. The campaign uses common download tools and multi-architecture binaries to rapidly enroll compromised systems into a botnet that can be leveraged for denial-of-service attack and further intrusion…
-
Digital Outposts: Evaluating the Role of DDoS Attacks in US-Iran Conflict
Background According to the monitoring data from NSFOCUS Fuying Lab, since the outbreak of domestic conflict in Iran in January 2026 and the subsequent escalation of tensions over the nuclear issue between the U.S. and Iran, Iran has been continuously subjected to DDoS attacks. The attack methods have shown diverse characteristics, including both botnet-based attacks…The…
-
OCRFix Botnet Uses ClickFix Phishing and EtherHiding to Mask Blockchain C2 Infrastructure
OCRFix is a multi-stage botnet Trojan campaign that abuses a fake Tesseract OCR download site, ClickFix-style PowerShell execution, and EtherHiding on BNB Smart Chain to conceal a rotating blockchain-backed command infrastructure. The fake site gates content behind a bogus CAPTCHA and then instructs users to open PowerShell and paste a pre-copied command, a hallmark of…
-
Aeternum botnet hides commands in Polygon smart contracts
Aeternum botnet uses Polygon blockchain smart contracts for C&C, making its infrastructure harder to detect and disrupt. Qrator Labs researchers uncovered Aeternum, a botnet that runs its command-and-control infrastructure through smart contracts on the Polygon blockchain. By decentralizing its C2, the malware avoids traditional server-based takedowns and becomes far harder to disrupt or shut down,…
-
Researchers Unveil Aeternum C2 Infrastructure with Advanced Evasion and Persistence Tactics
For years, defenders have relied on a simple strategy to dismantle botnets find and seize their command-and-control (C2) servers. That weakness enabled global law enforcement operations to disrupt massive botnets such as Emotet, TrickBot, and QakBot. But a newly identified C2 framework,Aeternum, may render those tactics obsolete. Instead of using centralized servers or domains, Aeternum…
-
New Aeternum C2 Botnet Evades Takedowns via Polygon Blockchain
Qrator Research Lab has identified Aeternum C2, a botnet that uses the Polygon blockchain for commands, making it nearly impossible to shut down. First seen on hackread.com Jump to article: hackread.com/aeternum-c2-botnet-polygon-blockchain/
-
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown
Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts.”Instead of relying on traditional servers or domains for command-and-control, Aeternum stores its instructions on the public Polygon blockchain,” Qrator Labs said in a report shared with The First…
-
Aeternum Botnet Shifts Command Control to Polygon Blockchain
New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/aeternum-botnet-c2-polygon/
-
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT Breaking Down ZeroDayRAT New Spyware Targeting Android and iOS Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet Reynolds: Defense Evasion Capability […]…
-
Feiniu NAS Devices Hit in Massive Netdragon Botnet Attack Exploiting Unpatched Vulnerabilities
Tags: attack, backdoor, botnet, cyber, ddos, exploit, infrastructure, malware, network, vulnerabilityFeiniu fnOS network-attached storage (NAS) devices have been pulled into a large Netdragon botnet after attackers exploited still-unpatched vulnerabilities, turning home and small”‘business storage into infrastructure for DDoS attacks.”‹ The malware opens an HTTP backdoor on port 57132, letting attackers run arbitrary system commands remotely via crafted GET requests to the /api path. Using traffic fingerprints from…
-
Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to…
-
New Linux botnet SSHStalker uses old-school IRC for C2 comms
A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-linux-botnet-sshstalker-uses-old-school-irc-for-c2-comms/