Huawei Routers Exploited to Create New Botnet

 
A zero-day vulnerability in the Huawei home router HG532 has been discovered, and hundreds of thousands of attempts to exploit it have already been found in the wild. The delivered payload has been identified as OKIRU/SATORI, which is an updated variant of Mirai. The suspected threat actor behind the attack is an amateur nicknamed ‘Nexus Zeta’.

Introduction

In the last 10 years, the number of connected devices has grown to over twenty billion, and, as the years go by, they get progressively smarter. However, whereas they score high on convenience, the latest discoveries from Check Point Research show they still have a lot of homework to do to get their security score up ...

What’s the Proteus Botnet and how does it work?

 
The Proteus botnet emerged toward the end of November 2016. Only a few samples of it were found in the wild and, at the moment, it doesn’t seem to have a widespread campaign. So, what does it do? It launches a multi-layered attack on an infected machine where it runs several processes aimed at coin mining, credential theft, and keylogging. In addition, the bot can operate on its own; it lets the cybercriminal send commands over HTTP to download malicious executables and execute them. In some samples, the botnet disguises itself as a Google Chrome executable. The functionality of the botnet is highly reliant on its C&C (command and control) server, ...

Check Point Threat Alert – Simda

 
Overview

The Simda botnet is a network of computers infected with self-propagating malware which has compromised more than 770,000 computers worldwide.

Since 2009, cyber criminals have been targeting computers with unpatched software and compromising them with Simda malware. This malware may re-route a user’s Internet traffic to websites under criminal control or can be used to install additional malware.

The malicious actors control the network of compromised systems through backdoors, giving them remote access to carry out additional attacks or to "sell" control of the botnet to other criminals. The backdoors also morph their presence every few ...