Researchers from HUMAN have taken down a sizeable ad fraud scheme that spoofed more than 1,700 apps and managed to generate 12 billion ad requests a day. By injecting JavaScript into the ads, the scammers were able to layer multiple ads, registering views for ads that users did not see. HUMAN dubbed the malicious campaign …
Updated on 2022-12-22: Glupteba returns The Glupteba ad fraud trojan has returned to operations after being disrupted by Google last year and after the conclusion of a recent lawsuit between the two parties. Read more: Tracking Malicious Glupteba Activity Through the Blockchain Disrupting the Glupteba operation Updated on 2022-12-19 A surge in infection by the …
Updated on 2022-12-16 Microsoft warned of a cross-platform botnet, MCCrash, launching DDoS attacks against private Minecraft servers. The tech giant tracks the threat actor as DEV-1028. Read more: MCCrash: Cross-platform DDoS botnet targets private Minecraft servers Updated on 2022-12-15 Microsoft has a report on MCCrash, an IoT botnet operated by the DEV-1028 threat actor and …
Updated on 2022-12-13 Fortinet said it recently linked a Go-based CMS scanner and brute-forcing tool to a new botnet named GoTrim. According to the company, this new botnet appears to have been created around September 2022 and is mostly comprised of hacked WordPress sites, although evidence suggests GoTrim can also infect Joomla, OpenCart, and DataLife-based …
Updated on 2022-12-01: KmsdBot goes down Akamai researchers said they found a bug in the C&C communication system used by the KmsdBot cryptomining botnet that allowed them to crash the malware on all infected systems worldwide. Read more: Accidentally Crashing a Botnet Updated on 2022-11-30: Akamai Researchers Inadvertently Crash Botnet While monitoring the KmsdBot cryptomining …
Updated on 2022-11-18: RapperBot Fortinet researchers say that a botnet called RapperBot, which they first spotted back in August, launching brute-force attacks in an attempt to expand their numbers, has been recently repurposed to launch DDoS attacks. According to current data, these attacks appear to target gaming servers and are a continuation of a similar …
Updated on 2022-12-07 Chinese security firm Antiy has confirmed the use of the Torii botnet by Vietnamese APT group OceanLotus. Last month, both Weibu and QiAnXin said that OceanLotus operators appear to be using the Torii IoT botnet to disguise the origin of their attacks. Updated on 2022-11-15: OceanLotus attacks Chinese security firm QiAnXin published …
Updated on 2022-11-09 Cloud9, a new Chrome browser-based botnet, was found leveraging malicious extensions to pilfer online accounts, inject malicious JavaScript code and ads, log keystrokes, and enroll the victim’s browser in DDoS attacks. Read more: Malicious extension lets attackers control Google Chrome remotely Overview Zimperium researchers took a deep dive into Cloud9, a malicious …
Updated on 2022-11-21: Emotet’s return Deep Instinct researchers have an analysis of Emotet’s return, the infamous spam botnet that has been asleep since June this year. More on this from Proofpoint too. Read more: Emotet’s Vacation is Over: No Rest for the Wicked A Comprehensive Look at Emotet’s Fall 2022 Return Updated on 2022-11-18: Emotet’s …
Updated on 2022-10-14: Large DDoS attack In its quarterly threat report for Q3 2022, Cloudflare said it mitigated a large-scale DDoS attack that reached a massive 2.5 Tbps, launched by a Mirai botnet variant and aimed at the Wynncraft Minecraft service. Read more: Cloudflare DDoS threat report 2022 Q3 Overview Cloudflare claimed to have thwarted …
Updated on 2022-10-17 SentinelOne said last week that 8220 Gang, an infamous cybercrime group that is known for targeting cloud-based infrastructure for cryptomining attacks, has updated its infrastructure and attack methods and is now targeting misconfigured versions of Docker, Apache, and WebLogic servers. In a previous report in July, SentinelOne said the gang infected more …
Updated on 2022-09-30 Researchers from Lumen’s Black Lotus Labs “recently uncovered a multifunctional Go-based malware that was developed for both Windows and Linux.” Dubbed Chaos, the malware uses infected devices for cryptomining and launching distributed denial-of-service (DDoS) attacks. Note While Chaos appears to have roots in the Kanji malware, it is considerably more advanced. This …
