Tomcat
Bitdefender has discovered a growing new IoT botnet of compromised smart devices used by cybercriminals to carry out DDoS attacks. Operators of the botnet, dubbed dark_nexus by researchers, are adding devices that have been compromised by credential stuffing attacks. In particular, they are interested in routers (Dasan Zhone, D-Link and ASUS), video recorders and thermal imaging cameras.
The botnet currently includes 1,372 bots acting as reverse proxies. The jailbroken devices are located in China, South Korea, Thailand, Brazil and Russia.
Although dark_nexus is similar to previously known botnets, some malware modules make it much more powerful, according to the researchers. For example, the malware is compiled for 12 different CPU architectures.
As the researchers found out, the author of the malware is someone under the pseudonym greek.Helios. The developer is well known in the cybercriminal community as an operator of a custom DDoS attack service that is actively advertised on social networks and on a YouTube channel.
Although dark_nexus shares similarities with the banking trojan Qbot and the Mirai botnet, its core modules are “mostly original,” researchers told Bitdefender. The malware regularly receives updates, and from December 2019 to March 2020, about 30 versions were released (from version 4.0 to 8.6).
The fact that dark_nexus is based on Mirai and Qbot testifies to the evolution of tactics used by botnet operators and inexperienced hackers.