Tag: botnet
-
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong.”The botnet’s rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic…
-
New VoIP Botnet Targets Routers Using Default Passwords
Tags: attack, botnet, cyber, cybersecurity, exploit, intelligence, malicious, password, router, voipCybersecurity researchers have uncovered a sophisticated botnet operation exploiting VoIP-enabled routers through default password attacks, with initial activity concentrated in rural New Mexico before expanding globally to compromise approximately 500 devices. The discovery began when GreyNoise Intelligence engineers noticed an unusual cluster of malicious IP addresses originating from a sparsely populated region of New Mexico…
-
Botnet Abuses GitHub Repositories to Spread Malware
Hackers Using Amadey Bot to Drops Payloads From Fake GitHub Accounts. Threat actors are using public GitHub repositories to host and distribute malware through the Amadey botnet in an ongoing campaign linked to a broader malware-as-a-service operation, Cisco Talos said in a report published Thursday. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/botnet-abuses-github-repositories-to-spread-malware-a-29014
-
Google Sues the Operators Behind the BadBox 2.0 Botnet
Google is suing the operators behind BadBox 2.0, accusing multiple Chinese threat groups of playing different roles in the operation of the massive botnet that rolled up more than 10 million devices to run large-scale ad fraud and other malicious campaigns. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/google-sues-the-operators-behind-the-badbox-2-0-botnet/
-
Google Sues BadBox 2.0 Botnet Operators Behind 10 Million+ Infected Devices
Google has initiated legal proceedings against the operators of BadBox 2.0, identified as the largest botnet comprising internet-connected televisions and other devices. This botnet, uncovered through a collaborative effort with cybersecurity firms HUMAN Security and Trend Micro, has infected over 10 million uncertified devices running the Android Open Source Project (AOSP). Unlike certified Android systems…
-
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure.”The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android’s open-source software (Android Open Source Project), which lacks Google’s security protections,” First seen…
-
Threat Actors Exploit GitHub Accounts to Host Payloads, Tools, and Amadey Malware Plugins
Cisco Talos researchers identified a sophisticated Malware-as-a-Service (MaaS) operation in April 2025 that employed the Amadey botnet to distribute various payloads. This operation exploited fake GitHub accounts as open directories for hosting malicious payloads, tools, and Amadey plugins, aiming to evade web filtering mechanisms and simplify distribution. By leveraging GitHub’s legitimate domain, threat actors could…
-
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet
A cryptomining botnet active since 2019 has incorporated likely AI-generated Lcryx ransomware into its operations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lcryx-ransomware-discovered-crypto/
-
Google sues 25 alleged BadBox 2.0 botnet operators, all of whom are in China
Ads giant complains of damage to its reputation and finances … and crime, too First seen on theregister.com Jump to article: www.theregister.com/2025/07/17/google_sues_25_unnamed_chinese/
-
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices
Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company’s advertising platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-sues-to-disrupt-badbox-20-botnet-infecting-10-million-devices/
-
H2Miner Targets Linux, Windows, and Containers to Illicitly Mine Monero
FortiGuard Labs researchers have uncovered a sophisticated cryptomining campaign where the H2Miner botnet, active since late 2019, has expanded its operations to target Linux, Windows, and containerized environments simultaneously. The campaign represents a significant evolution in cross-platform cryptocurrency mining attacks, with threat actors leveraging updated scripts and infrastructure to maximize financial gains from compromised systems.…
-
Malware-as-a-Service Campaign Exploits GitHub to Deliver Payloads
A new malware campaign uses GitHub to deliver payloads via Amadey botnet, bypassing email distribution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/maas-campaign-github-payloads/
-
Ermittlern gelingt Schlag gegen prorussische Hacker
Durch eine internationale Ermittlungsaktion wurde das Servernetz der prorussischen Hackergruppe NoName057(16) lahmgelegt.Deutsche und internationale Strafverfolgungsbehörden sind bei einer gemeinsamen Aktion gegen die Hackergruppe “NoName057(16)” vorgegangen. Nach Angaben des Bundeskriminalamts (BKA) wurde dabei ein aus weltweit verteilten Servern bestehendes Botnetz abgeschaltet, das für gezielte digitale Überlastungsangriffe auf Internetseiten eingesetzt wurde. Solche sogenannten Distributed Denial of Service (DDoS)-Angriffe…
-
Botnetz abgeschaltet: BKA geht gegen prorussische Hackergruppe vor
Die russische Hackergruppe NoName057(16) koordinierte DDoS-Angriffe mit 100 eigenen Servern und mehr als 1.000 Unterstützern auf Telegram. First seen on golem.de Jump to article: www.golem.de/news/botnetz-abgeschaltet-bka-geht-gegen-prorussische-hackergruppe-vor-2507-198177.html
-
Massive Scraper Botnet of 3,600+ Devices Targets US and UK Websites
GreyNoise has discovered an undiscovered version of a scraper botnet with more than 3,600 distinct IP addresses worldwide, which is a major cybersecurity development. This botnet, first observed on April 19, 2025, exhibits a distinct behavioral footprint that makes it stand out, even as it employs a simplistic and easily spoofable user-agent string, >>Hello-World/1.0.
-
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox.The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating First seen on…
-
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox.The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating First seen on…
-
New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks
NSFOCUS Fuying Lab’s Global Threat Hunting System has discovered a new botnet family called >>hpingbot
-
Hackers Leverage Critical Langflow Flaw to Deploy Flodrix Botnet and Seize System Control
Tags: ai, botnet, control, cve, cvss, cyber, cyberattack, exploit, flaw, framework, hacker, rce, remote-code-execution, vulnerabilityA sophisticated cyberattack campaign has emerged, exploiting a critical vulnerability in Langflow, a widely-used Python-based framework for building AI applications, to deploy the destructive Flodrix botnet. Identified as CVE-2025-3248 and carrying a near-perfect CVSS score of 9.8, this unauthenticated remote code execution (RCE) flaw impacts Langflow versions prior to 1.3.0. Unveiling a Severe RCE Vulnerability…
-
Significantly more attack vectors leveraged by Androxgh0st botnet
First seen on scworld.com Jump to article: www.scworld.com/brief/significantly-more-attack-vectors-leveraged-by-androxgh0st-botnet
-
US University Targeted by Androxgh0st Botnet Operators for C2 Logger Hosting
CloudSEK’s TRIAD team has made the shocking discovery that the Androxgh0st botnet is a persistent and dynamic cyberthreat. It has targeted a subdomain of the University of California, San Diego, specifically the “USArhythms” portal associated with the USA Basketball Men’s U19 National Team for the 2025 FIBA Under-19 Basketball World Cup, to host its command-and-control…
-
Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs
In this episode of the “Smashing Security” podcast, Graham unravels Operation Endgame – the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram. And BBC cyber correspondent Joe Tidy joins us to talk about “Ctrl-Alt-Chaos”, his new book diving into the murky world of teenage…
-
LapDogs Campaign Shows Chinese Groups’ Growing Use of ORB Networks
A cyberespionage campaign called LapDogs by SecurityScorecard illustrates the growing use of ORB networks by China-nexus threat groups, which use botnet-like techniques to stay undetected while collecting information and establishing persistence in compromised networks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/lapdogs-campaign-shows-chinese-groups-growing-use-of-orb-networks/
-
Akamai Reveals New Strategies for Defenders to Combat Cryptominer Attacks
Akamai has unveiled two proactive strategies to disrupt malicious cryptominer operations, as detailed in the final installment of their Cryptominers’ Anatomy blog series. These techniques exploit the inherent design of common mining topologies, focusing on the Stratum protocol and pool policies to effectively halt botnet-driven cryptomining campaigns. Innovative Techniques Target Mining Topologies While the methods…
-
Disrupting the operations of cryptocurrency mining botnets
Cybersecurity researchers devised two attack techniques to disrupt the operations of cryptocurrency mining botnets. Akamai Researchers uncovered two novel techniques to disrupt cryptocurrency mining botnets by exploiting flaws in common mining topologies. Current methods to stop cryptocurrecy mining botnets are pool bans or infrastructure takedowns, however, both are slow and complex. Researchers developed two faster techniques exploiting…
-
Prometei botnet activity has surged since March 2025
Prometei botnet activity has surged since March 2025, with a new malware variant spreading rapidly, Palo Alto Networks reports. Palo Alto Networks warns of a spike in Prometei botnet activity since March 2025, the researchers observed a new variant spreading rapidly. Since March 2025, Prometei botnet is targeting Linux systems for Monero mining and credential…
-
Akamai proposes tool to defang cryptomining botnets
A new way of thinking: As cyber attacks evolve, it’s important for organizations to have a clear approach to how they want to respond, commented Fernando Montenegro, vice-president and cybersecurity practice lead at The Futurum Group. “That response may be different at the individual organization level when compared to the public response at large. I mention…
-
Androxgh0st Botnet Expands Reach, Exploiting US University Servers
New CloudSEK findings show Androxgh0st botnet evolving. Academic institutions, including UC San Diego, hit. Discover how this sophisticated… First seen on hackread.com Jump to article: hackread.com/androxgh0st-botnet-expand-exploit-us-university-servers/
-
Linux servers subjected to resurgent Prometei botnet intrusions
First seen on scworld.com Jump to article: www.scworld.com/brief/linux-servers-subjected-to-resurgent-prometei-botnet-intrusions