Tag Archive for: botnet

Norton Anti-Virus is Becoming a Crypto Mining Botnet

In the before-times – the heady days of 2017 when the prices of both Bitcoin and Ethereum skyrocketed and seemed immune to gravity – several well-known companies boosted their value by claiming to build new products on the blockchain or to create a solid trustworthy crypto-coin. The trend has continued through the pandemic.

We often note a whiff of desperation in old-economy businesses trying to re-invent themselves as blockchain or crypto companies. For example, according to Krebs On Security, RadioShack relaunched in 2020 as an online brand and “now says it plans to chart a future as a cryptocurrency exchange” by helping old-school customers feel comfortable with crypto speculation. We know that a few years ago photo giant Kodak, whose primary product was replaced by ubiquitous digital cameras on smartphones, announced moves into cryptocurrency called KodakCoin and Kodak KashMiner which quickly and temporarily boosted Kodak’s stock price 60%. The New York Times stated at the time, “Almost immediately, critics pounced on the company’s plans, characterizing them as a desperate money grab.” Kodak soon abandoned the coin and digital mining effort and Kodak now claims to be a drug company. Who is next, Blockbuster as NFT-factory?

No, the newest surprising news is Norton LifeLock as a crypto miner. Not that Norton LifeLock is an old-economy company, but it is a relatively stodgy security firm offering a two-decade-old product that seems less relevant now than it used to be. In the internet age, software firms from the 1990s may count as “old-economy.”

Norton LifeLock has started offering the “Norton Crypto” tool as part of its famous yellow-branded Norton 360 software for home and business computers. Norton Crypto allows paying customers to mine cryptocurrencies while their computers are otherwise inactive. When the tool is turned on, Norton brings together all of its customers’ mining capacity into a pool of computing power that mines Ethereum, then breaks the value of the mined currency into pieces and deposits a small percentage into a Norton…


Abcbot Botnet Linked to Operators of Xanthe Cryptomining malware


New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020.

Attacks involving Abcbot, first disclosed by Qihoo 360’s Netlab security team in November 2021, are triggered via a malicious shell script that targets insecure cloud instances operated by cloud service providers such as Huawei, Tencent, Baidu, and Alibaba Cloud to download malware that co-opts the machine to a botnet, but not before terminating processes from competing threat actors and establishing persistence.

The shell script in question is itself an iteration of an earlier version originally discovered by Trend Micro in October 2021 hitting vulnerable ECS instances inside Huawei Cloud.


But in an interesting twist, continued analysis of the botnet by mapping all known Indicators of Compromise (IoCs), including IP addresses, URLs, and samples, has revealed Abcbot’s code and feature-level similarities to that of a cryptocurrency mining operation dubbed Xanthe that exploited incorrectly-configured Docker implementations to propagate the infection.


“The same threat actor is responsible for both Xanthe and Abcbot and is shifting its objective from mining cryptocurrency on compromised hosts to activities more traditionally associated with botnets, such as DDoS attacks,” Cado Security’s Matt Muir said in a report shared with The Hacker News.

The semantic overlaps between the two malware families range from how the source code is formatted to the names given to the routines, with some functions not only sporting identical names and implementation (e.g., “nameservercheck”) but also having the word “go” appended to the end of the function names (e.g., “filerungo”).

“This could indicate that the Abcbot version of the function has been iterated on several times, with new functionality added at each iteration,” Muir explained.


Furthermore, the deep-dive examination of the malware artifacts revealed the botnet’s capability to create as many as four users of their own by using generic, inconspicuous names like “autoupdater,” “logger,” “sysall,” and “system” to avoid detection, and adding them to the sudoers…
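The persistence technique described above (extra accounts with innocuous names granted sudo rights) is one a defender can check for with a baseline comparison. The following is an added example, not code from the article or from Cado Security's report: it parses snapshots of /etc/passwd and /etc/sudoers, treats a small set of operator-approved accounts as the baseline, and flags any other login-capable account that has UID 0 or a sudoers grant. The file contents, account names and the baseline set are constructed sample data.

```python
"""Audit a Linux host for newly added, sudo-capable accounts.

Added example (not from the article or from Cado Security's report). It
compares the current login-capable accounts and sudoers entries against a
baseline, which is how a defender can spot inconspicuously named accounts
such as "autoupdater", "logger", "sysall" and "system". All file contents
below are constructed sample data, not real host files.
"""
import re
from dataclasses import dataclass

# Constructed /etc/passwd snapshot: a baseline admin plus four additions.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ops:x:1000:1000:Ops Admin:/home/ops:/bin/bash
autoupdater:x:1001:1001::/home/autoupdater:/bin/bash
logger:x:1002:1002::/home/logger:/bin/bash
sysall:x:1003:1003::/home/sysall:/bin/bash
system:x:0:0::/root:/bin/bash
"""

# Constructed /etc/sudoers snapshot with legitimate and suspicious grants.
SAMPLE_SUDOERS = """\
# User privilege specification
Defaults env_reset
root    ALL=(ALL:ALL) ALL
ops     ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
autoupdater ALL=(ALL) NOPASSWD:ALL
logger ALL=(ALL) NOPASSWD:ALL
sysall ALL=(ALL) NOPASSWD:ALL
"""

# Accounts the operator has approved (assumed baseline); anything else with
# root-level power is a finding.
BASELINE_ACCOUNTS = {"root", "ops"}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


@dataclass(frozen=True)
class Finding:
    account: str
    reason: str


def parse_passwd(text):
    """Return {name: (uid, shell)} for every well-formed passwd entry."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        users[fields[0]] = (int(fields[2]), fields[6])
    return users


# user  host=(runas)  spec   -- group rules (%name) and Defaults are skipped.
SUDOERS_RE = re.compile(r"^(?P<who>[A-Za-z0-9_.-]+)\s+\S+=\S*\s*(?P<spec>.*)$")


def parse_sudoers(text):
    """Return {user: command_spec} for per-user sudoers rules."""
    grants = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "%", "Defaults")):
            continue
        m = SUDOERS_RE.match(line)
        if m:
            grants[m.group("who")] = m.group("spec")
    return grants


def audit(passwd_text, sudoers_text, baseline=BASELINE_ACCOUNTS):
    """Flag login-capable accounts outside the baseline that hold root-level power."""
    users = parse_passwd(passwd_text)
    grants = parse_sudoers(sudoers_text)
    findings = []
    for name, (uid, shell) in sorted(users.items()):
        if name in baseline or shell in NOLOGIN_SHELLS:
            continue
        if uid == 0:
            findings.append(Finding(name, "non-baseline account with UID 0"))
        if name in grants:
            spec = grants[name]
            tag = "NOPASSWD sudo grant" if "NOPASSWD" in spec else "sudo grant"
            findings.append(Finding(name, f"non-baseline account with {tag}: {spec}"))
    # A sudoers rule for a name missing from passwd is also worth a look.
    for name in sorted(set(grants) - set(users)):
        findings.append(Finding(name, "sudoers entry for unknown account"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, SAMPLE_SUDOERS):
        print(f"{f.account}: {f.reason}")
```

On a real host the two snapshots would be read from the live files and the baseline kept outside the host (a configuration-management inventory, for instance), since a tool that trusts the compromised machine's own idea of "approved" accounts defeats the purpose.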


Botnet Detection Market Size, Analysis, Forecast to 2029

New Jersey, United States - The latest report published by Verified Market Research shows that the Botnet Detection Market is likely to grow at a strong pace in the coming years. Analysts examined market drivers, constraints, risks and opportunities in the world market. The Botnet Detection report shows the likely direction of the market in the coming years as well as its estimates. A close study aims to understand the market price. By analyzing the competitive landscape, the report’s authors have made a brilliant effort to help readers understand the key business tactics that large corporations use to keep the market sustainable.

The report includes company profiling of almost all important players of the Botnet Detection market. The company profiling section offers valuable analysis on strengths and weaknesses, business developments, recent advancements, mergers and acquisitions, expansion plans, global footprint, market presence, and product portfolios of leading market players. This information can be used by players and other market participants to maximize their profitability and streamline their business strategies. Our competitive analysis also includes key information to help new entrants to identify market entry barriers and measure the level of competitiveness in the Botnet Detection market.

Get Full PDF Sample Copy of Report: (Including Full TOC, List of Tables & Figures, Chart) @ https://www.verifiedmarketresearch.com/download-sample/?rid=8979

Key Players Mentioned in the Botnet Detection Market Research Report:

Akamai Technologies (US), Imperva (US), Distil Networks (US), PerimeterX (US), ShieldSquare (India), Unfraud (US), Instart Logic (US), Pixalate (US), AppsFlyer (US), Intechnica (UK), Zenedge (US), Reblaze (Israel), White Ops (US), Shape Security (US), Integral Ad Science (US), InfiSecure (India), DataDome (France), CriticalBlue (UK), Digital Hands (US), Variti (Switzerland), Stealth Security (US), Unbotify (Israel), Kasada (Australia), Mfilterit (India), White Diagnostic (US).

Botnet Detection Market Segmentation:

Botnet Detection Market, By Components

• Standalone Solution
• Services

Botnet Detection Market, By Application Area

• Website Security


Global Botnet Hijacks $500,000 In Crypto Transactions In Just One Year

A stealthy botnet that has infected computers in nearly 100 different countries is silently stealing cryptocurrency from its victims. From November 2020 to November 2021 it hijacked nearly $500,000.

The Phorpiex botnet has been operating since 2016 and is made up of hundreds of thousands of compromised devices. Back in 2019 it was grabbing headlines for an alarmingly successful sextortion email campaign that was raking in $20,000 a month for its criminal controllers.

Phorpiex also has the ability to steal cryptocurrency, which it does by “crypto-clipping.” In these attacks, malware on an infected device waits for a cryptocurrency transaction to take place. When a transaction is detected, the malware clips the original destination wallet address from the clipboard and replaces it with one controlled by the attacker.

According to Check Point Research the Phorpiex crypto-clipper supports more than 30 different cryptocurrencies. Since April of 2016 Phorpiex has hijacked thousands of transactions and swiped around 38 Bitcoin and 133 Ether. At today’s exchange rates that works out to around $2.2 million in stolen cryptocurrency.
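The clipper behaviour described above has a recognisable signature from the defender's side: a value that looks like a wallet address is replaced, within a fraction of a second, by a different address of the same coin type, which a human user almost never does. The following is an added example, not code from the article or from Check Point Research. It classifies clipboard contents by address format (Bitcoin and Ethereum only, prefix and length checks without checksum validation) and raises an alert when one address is swapped for another of the same type inside a short window. The event stream, addresses and the two-second window are constructed assumptions.

```python
"""Heuristic detector for clipboard hijacking ("crypto-clipping").

Added example; not code from the article or from Check Point Research.
A clipper swaps a copied wallet address for the attacker's own, so a
monitor can alert when one valid-looking address is replaced by a
different address of the same coin type within a very short interval.
Sample addresses and timestamps below are constructed, not real wallets.
"""
import re
from dataclasses import dataclass

# Address-format checks (prefix/length only; no checksum validation).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text):
    """Return the coin type a clipboard value looks like, or None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None


@dataclass(frozen=True)
class ClipEvent:
    ts: float      # seconds since the monitor started
    content: str   # clipboard text observed at that moment


@dataclass(frozen=True)
class Alert:
    ts: float
    coin: str
    original: str
    replacement: str


def detect_clipping(events, window=2.0):
    """Flag an address-to-address swap of the same coin type within `window` seconds."""
    alerts = []
    prev = None
    for ev in events:
        coin = classify_address(ev.content)
        if prev is not None and coin is not None:
            swapped = (
                classify_address(prev.content) == coin
                and prev.content.strip() != ev.content.strip()
                and ev.ts - prev.ts <= window
            )
            if swapped:
                alerts.append(Alert(ev.ts, coin, prev.content.strip(), ev.content.strip()))
        prev = ev
    return alerts


# Constructed sample addresses (format-valid only; not real wallets).
ETH_A = "0x1111111111111111111111111111111111111111"
ETH_B = "0x2222222222222222222222222222222222222222"
BTC_C = "bc1qconstructedsampleaddress0000000001"
BTC_D = "bc1qanothersampleaddress000000000002"

# Constructed clipboard observations; the 200 ms swap at t=5.2 is the clipper pattern.
SAMPLE_EVENTS = [
    ClipEvent(0.0, "meeting notes for tuesday"),
    ClipEvent(5.0, ETH_A),
    ClipEvent(5.2, ETH_B),    # same coin type, replaced 200 ms later
    ClipEvent(40.0, BTC_C),
    ClipEvent(75.0, BTC_D),   # 35 s later: a user copying a different address
    ClipEvent(80.0, ETH_A),   # different coin type than the previous value
]

if __name__ == "__main__":
    for a in detect_clipping(SAMPLE_EVENTS):
        print(f"t={a.ts}: {a.coin} address {a.original} replaced by {a.replacement}")
```

Wiring this to a live clipboard means polling or subscribing to change notifications on the platform in question and feeding each change in as a ClipEvent; the window is a tuning knob, and the trade-off is visible in the sample data, where widening it far enough turns the legitimate 35-second re-copy into a false positive.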

From last November until this November alone Phorpiex successfully clipped 969 transactions. Those attacks netted its controller(s) more than $650,000.

This summer, however, the botnet activity suddenly tailed off. In August one of its creators allegedly walked away from cybercrime and the other decided to sell the Phorpiex code to the highest bidder.

Whether or not a sale actually happened, Phorpiex was back a few weeks later with some new tricks. A new variant called Twizt emerged.

One of the biggest differences with Twizt is that the botnet is now able to communicate peer-to-peer. That means it’s not dependent on specific command and control servers. Infected hosts can send instructions to each other.

Twizt has also added a double-encrypted protocol for communication and new data integrity functions. Check Point researcher Alexey Bukhteyev says, “The emergence of such features suggests that the botnet may become even more stable and therefore, more dangerous.”

Security researchers had managed to take control of the…