CyberSecurity updates
2025-02-23 17:45:42 Pacific

BADBOX Botnet Infects Hundreds of Thousands of Android Devices - 16d

The BADBOX botnet has infected over 190,000 Android devices, including high-end models like Yandex 4K QLED TVs. The infection is believed to come from malware pre-installed during the manufacturing process or further down the supply chain, highlighting a significant supply chain vulnerability. The scale of the infection underscores the critical security risks associated with supply chain compromises.

Phorpiex Botnet Deploys LockBit Ransomware - 22d

The Phorpiex botnet is now being used to distribute LockBit ransomware through compromised websites and phishing emails. This new attack vector demonstrates the botnet’s evolving capabilities and the automation of ransomware delivery. It is a significant shift from Phorpiex’s previous activities and poses a greater threat to organizations and individuals worldwide, reflecting the growing trend of botnets being used for ransomware attacks.

Aquabot botnet exploits Mitel SIP flaws - 24d

A new Mirai botnet variant called Aquabot is actively exploiting a command injection vulnerability (CVE-2024-41710) in Mitel SIP phones to perform DDoS attacks. The Aquabot malware targets Mitel 6800, 6900, and 6900w series phones. This variant also shows a unique ability to communicate with its command and control server.

Mirai Botnet Launches Massive 5.6 Tbps DDoS Attack - 1d

Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack, the largest ever reported. The attack, based on the Mirai botnet, involved over 13,000 IoT devices and targeted an unnamed internet service provider customer. This highlights the growing threat of hyper-volumetric assaults and the need for robust DDoS mitigation strategies.

The Mirai botnet, known for exploiting vulnerabilities in IoT devices, continues to evolve and pose a significant threat to internet infrastructure. The attack underscores the importance of securing IoT devices and implementing comprehensive DDoS protection measures to safeguard against increasingly sophisticated and large-scale attacks.

MikroTik Botnet Exploits DNS Misconfigurations - 7d

A sophisticated botnet is exploiting misconfigured DNS records on approximately 13,000 MikroTik routers to bypass email protection systems and deliver malware through spam campaigns. This botnet operation leverages a simple DNS misconfiguration to send malicious emails that appear to come from legitimate domains, distributing trojan malware and other malicious content.

D-Link Routers Targeted by Botnets Globally - 27d

Multiple botnets, including FICORA (Mirai variant) and CAPSAICIN (Kaiten variant), are actively exploiting known vulnerabilities in older D-Link routers to conduct DDoS attacks and propagate malware. These botnets target vulnerabilities in the HNAP interface, allowing remote attackers to execute malicious commands. The ongoing attacks highlight the persistent risks associated with outdated and unpatched devices, emphasizing the need for users to update or replace vulnerable equipment immediately.

BadBox malware preinstalled on 30000 German devices - 9d

The BADBOX malware campaign has compromised over 30,000 Android devices in Germany, including digital photo frames, media players and possibly smartphones. The malware is pre-installed on the devices, exploiting outdated Android versions. The German Federal Office for Information Security (BSI) has taken action to disrupt the communications between infected devices and command-and-control servers. This campaign highlights the risks associated with insecure supply chains and pre-installed malware on IoT devices, and emphasizes the need for rigorous security checks and device updates to prevent similar incidents.