Tag: botnet
-
Mirai Botnet Variant Exploits DVR Flaw to Build Swarm
A Mirai Offshoot Uses DVR Command Injection Bug to Spread, Hitting 50,000 Devices. A Mirai botnet malware variant is targeting a command injection vulnerability in internet-connected digital video recorders used for CCTV surveillance, enabling attackers to take control of the devices and add them to a botnet. A security researcher first identified the vulnerability in…
-
TBK DVRs targeted by updated Mirai botnet
Tags: botnet. First seen on scworld.com Jump to article: www.scworld.com/brief/tbk-dvrs-targeted-by-updated-mirai-botnet
-
BadBox 2.0 Botnet Infects Million-Plus Devices, FBI Says
BadBox 2.0, which emerged two years after the initial iteration launched and a year after it was disrupted by vendors, has infected more than 1 million IoT consumer devices, prompting a warning to such systems from the FBI. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/badbox-2-0-botnet-infects-million-plus-devices-fbi-says/
-
Mirai Botnets Exploit Flaw in Unpatched Wazuh Servers
Modular Mirai Malware Code Strikes Again. No fewer than two separate Mirai botnets are on the hunt for unpatched servers hosting open source SIEM solution Wazuh, an unusual variation of hackers’ typical focus on Internet of Things devices for stringing together infected computers. Akamai dates the first campaign to March, the other to May. First…
-
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
A now-patched critical security flaw in the Wazuh Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that…
-
New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721
A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 digital video recording devices. During a review of the logs in…
-
FBI Warns Smart Home Users of Badbox 2.0 Botnet Threat
The FBI says mainly Chinese-made IoT devices pose a threat from Badbox 2.0 malware. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-smart-home-users-badbox-20/
-
BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns
BadBox 2.0 malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 botnet to exploit IoT devices on home networks, like streaming devices, projectors, and infotainment systems, mostly made…
-
New Mirai botnet infect TBK DVR devices via command injection flaw
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-mirai-botnet-infect-tbk-dvr-devices-via-command-injection-flaw/
-
FBI Warns of BADBOX 2.0 Botnet Surge in Chinese Devices
Over 1 Million Infected Off-Brand Android Devices Pose Global Fraud Risk. A China-based botnet operation called BADBOX 2.0 has infected more than 1 million off-brand Android smart devices globally. In an alert, the FBI advised consumers to check their home networks for suspicious activity that could be linked to multiple fraud schemes. First seen on…
-
BADBOX 2.0 Targets Home Networks in Botnet Campaign, FBI Warns
Though the operation was partially disrupted earlier this year, the botnet remains active and continues to target connected Android devices. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/badbox-home-networks-botnet-campaign-fbi
-
Off-brand IoT devices are still vulnerable to BadBox botnet, FBI says
TV streaming devices, digital projectors and other IoT devices are being infected with BadBox 2.0 malware after the original campaign was stifled by German law enforcement. First seen on therecord.media Jump to article: therecord.media/iot-devices-vulnerable-to-badbox-botnet-fbi
-
New Mirai Variant Exploits TBK DVR Flaw for Remote Code Execution
The latest wave of Mirai botnet activity has resurfaced with a refined attack chain exploiting CVE-2024-3721, a critical command injection vulnerability in TBK DVR-4104 and DVR-4216 devices. This campaign leverages unpatched firmware to deploy a modified Mirai variant designed for IoT device hijacking and DDoS operations. Exploitation Vector & Payload Delivery Attackers exploit the vulnerability…
-
Millions of Android devices roped into Badbox 2.0 botnet. Is yours among them?
Millions of Internet-of-Things (IoT) devices running the open-source version of the Android operating system are part of the Badbox 2.0 botnet, the FBI has warned. Cyber … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/06/millions-of-android-devices-roped-into-badbox-2-0-botnet-is-yours-among-them/
-
What Links Hospital Outages, Crypto Botnets, and Sneaky Zip Files? A Ransomware Chaos
A massive nonprofit hospital network in Ohio, 14 medical centers strong, brought to its knees by cybercriminals, likely the gang behind the Interlock ransomware. Elective surgeries were canceled. Outpatient appointments paused. And to make it worse? Scammers posing as hospital staff started calling patients asking for their credit card numbers. “Your…
-
New Eleven11bot Hacks 86,000 IP Cameras for Large-Scale DDoS Attack
The newly identified Eleven11bot malware has compromised over 86,000 IP cameras across the Asia-Pacific (APAC) region, transforming these devices into a massive botnet for launching large-scale Distributed Denial of Service (DDoS) attacks. This incident, detailed in the Q1 2025 DDoS overview from StormWall’s global scrubbing centers, underscores the escalating sophistication of cyber threats targeting Internet…
-
New Linux PumaBot Targets IoT Devices with SSH Credential Brute-Force Attack
A new and insidious threat has surfaced in the cybersecurity landscape as Darktrace’s Threat Research team uncovers PumaBot, a Go-based Linux botnet meticulously designed to exploit embedded Internet of Things (IoT) devices. Unlike conventional botnets that cast a wide net through indiscriminate internet scans, PumaBot employs a highly targeted strategy, fetching a curated list of…
-
FBI cracks down on crypting crew in a global counter-antivirus service disruption
Takedown was part of ‘Endgame’ operation: According to the Dutch officials’ statement, the seizure is closely linked to Operation Endgame, a law enforcement operation that conducted the largest botnet takedown exactly a year ago. The DOJ said that undercover purchases and service analysis confirmed that the websites supported cybercrime. Court documents alleged investigators linked emails and…
-
Novel PumaBot slips into IoT surveillance with stealthy SSH break-ins
bypasses the usual playbook of conducting internet-wide scanning and instead brute-forces secure shell (SSH) credentials for a list of targets it receives from a command and control (C2) server. “DarkTrace researchers have identified a custom Go-based Linux botnet targeting embedded Linux Internet of Things (IoT) devices,” researchers said in a blog post. “The botnet gains initial access…
-
New Botnet Plants Persistent Backdoors in ASUS Routers
Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/botnet-persistent-backdoors-asus-routers
-
Attacks with new Pumabot botnet hit Linux IoT devices
First seen on scworld.com Jump to article: www.scworld.com/brief/attacks-with-new-pumabot-botnet-hit-linux-iot-devices
-
Thousands of ASUS Routers Hit by Persistent Backdoor
Persistent Attack Grants Remote SSH Access via Exploit. Someone – possibly nation-state hackers – appears to be constructing a botnet from thousands of Asus routers in hacking that survives a firmware patch and reboots. Nearly 9,000 routers have been compromised and the number is growing, say researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/thousands-asus-routers-hit-by-persistent-backdoor-a-28539
-
PumaBot Targets Linux Devices in Latest Botnet Campaign
While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/pumabot-targets-linux-devices-botnet-campaign
-
8,000+ Asus routers popped in ‘advanced’ mystery botnet plot
No formal attribution made but two separate probes hint at the same suspect. First seen on theregister.com Jump to article: www.theregister.com/2025/05/29/8000_asus_routers_popped_in/
-
New PumaBot Hijacks IoT Devices via SSH Brute-Force for Persistent Access
Tags: access, botnet, cyber, cybersecurity, data-breach, exploit, Internet, iot, malicious, malware, software, threat, vulnerability. A sophisticated new malware, dubbed PumaBot, has emerged as a significant threat to Internet of Things (IoT) devices worldwide. Cybersecurity researchers have identified this malicious software as a highly advanced botnet that exploits weak security configurations in IoT ecosystems, particularly targeting devices with exposed SSH (Secure Shell) ports. Emerging Threat Targets Vulnerable IoT Ecosystems By…
-
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
GreyNoise researchers warn that a new AyySSHush botnet has compromised over 9,000 ASUS routers, adding a persistent SSH backdoor. GreyNoise discovered the AyySSHush botnet has hacked over 9,000 ASUS routers, adding a persistent SSH backdoor. “Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that…
-
PumaBot Malware Targets Linux IoT Devices
Stealthy Malware Installs Cryptomining Software. A botnet targeting Internet of Things devices works by brute forcing credentials and downloading cryptomining software. Researchers call the botnet PumaBot, since its malware checks for the string Pumatronix, the name of a Brazilian manufacturer of surveillance and traffic camera systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/pumabot-malware-targets-linux-iot-devices-a-28526
-
New PumaBot botnet brute forces SSH credentials to breach devices
A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-pumabot-botnet-brute-forces-ssh-credentials-to-breach-devices/

