Tag

Botnet

All articles tagged with #botnet

KadNap Botnet Converts ASUS Routers into a Global Residential Proxy Network
cybersecurity · 1 month ago

KadNap, a new botnet, hijacks ASUS routers and other edge devices to form a peer-to-peer proxy network for malicious traffic. By August 2025 it controlled about 14,000 devices, using a custom Kademlia DHT to locate C2s, though two fixed nodes connect early to the C2s, aiding takedowns. Infections start by pulling aic.sh from 212.104.141.140, establish persistence via a cron job that runs every 55 minutes, and install an ELF payload named kad. KadNap’s DHT design aims to decentralize control, but the two fixed nodes undermine this to some extent. The botnet is linked to the Doppelganger proxy service, which rents infected devices as residential proxies for DDoS, credential stuffing, and brute-force campaigns. Lumen has blocked KadNap traffic on its network and will publish IOCs to help others disrupt the botnet.

KadNap DHT Botnet Turns 14k Edge Devices into Stealth Proxies; ClipXDaemon Hijacks Linux Wallet Addresses
security · 1 month ago

Security researchers uncovered KadNap, a new malware targeting Asus routers and other edge devices that forms a decentralized, Kademlia DHT–based proxy botnet with over 14,000 infected hosts (majority in the U.S.). It uses a shell script downloaded from a C2 at 212.104.141.140 to install persistence, fetch a kad ELF, and join a peer-to-peer network that hides C2 traffic and feeds a Doppelgänger proxy service; the operators tier targets, close SSH (port 22), and collect host time and uptime to build peer hashes for network coordination. The same report also details ClipXDaemon, a memory-only Linux clipboard hijacker that replaces copied cryptocurrency wallet addresses in real time for multiple coins, with no C2 or beaconing and designed to avoid Wayland sessions.

Google nixes a vast residential proxy botnet hidden in everyday devices
technology · 2 months ago

Google says it crippled IPIDEA, a massive residential proxy network that secretly turned millions of everyday devices into exit nodes for cybercrime. The network was embedded in hundreds of apps/SDKs and could route malicious traffic through real home connections, making it hard to detect. Google’s Threat Intelligence Group, in collaboration with partners, shut down dozens of IPIDEA domains, updated Google Play Protect to remove affected apps, and, overall, freed about nine million Android devices from the network alongside hundreds of compromised apps. While the infrastructure isn’t fully eradicated, the disruption significantly hampers operators and helps restore trust in users’ devices.

RondoDox Botnet Exploits React2Shell Flaw to Hijack IoT Devices and Servers
network-security · 3 months ago

Cybersecurity researchers have uncovered a nine-month campaign where the RondoDox botnet exploited the critical React2Shell vulnerability (CVE-2025-55182) to hijack IoT devices and web servers, deploying malware, cryptocurrency miners, and Mirai variants, with the threat still active as of December 2025. Organizations are urged to update vulnerable software, segment IoT devices, and enhance monitoring to prevent infection.

cybersecurity · 7 months ago

Oregon Man Charged Over 'Rapper Bot' DDoS Attacks

A 22-year-old Oregon man, Ethan J. Foltz, was arrested for operating Rapper Bot, a large IoT-based botnet used for launching massive DDoS attacks, including one that disrupted Twitter/X in March 2025. The botnet, which enslaved around 65,000 devices globally, was rented out to extortionists and was responsible for over 370,000 attacks targeting thousands of victims. Foltz admitted to building and controlling the botnet, which was designed to be manageable and stealthy, and he discussed its capabilities and rival threats in encrypted chats. The case highlights the significant financial and operational risks posed by such cybercriminal activities.

FBI and Google Urge 10 Million Android Users to Disconnect Devices Amid Malware Threats
technology · 8 months ago

The FBI warns that over 10 million Android devices, mainly low-cost IoT products from China, are infected with the malicious BadBox 2.0 malware, which is pre-installed in device firmware and used for criminal activities. Google has taken legal action and updated protections, while the FBI recommends users disconnect suspicious devices from their networks to prevent further harm.

FBI Warns of BADBOX 2.0 Android Malware Impacting Millions
technology · 10 months ago

The FBI warns that the BADBOX 2.0 malware has infected over 1 million consumer IoT devices, mainly Android-based smart TVs and streaming devices, turning them into residential proxies for malicious activities like ad fraud and credential stuffing. Despite disruptions, the botnet continues to grow globally, with devices from China shipped worldwide, and consumers are advised to monitor their devices and avoid unofficial app stores.

Urgent: How to Check if Your Asus Router Has Been Hacked in the Latest Cyberattack
technology · 10 months ago

A security report reveals that around 9,000 Asus routers have been hacked by a sophisticated threat actor aiming to create a botnet. Users can check if their routers are compromised by inspecting SSH access and should perform a factory reset if infected. Updating firmware and blocking specific IPs are recommended to prevent future attacks.

Thousands of ASUS Routers Compromised by Persistent Botnet and Backdoors
technology · 10 months ago

Thousands of ASUS routers have been compromised by a persistent botnet that survives firmware updates and reboots, potentially controlled by a nation-state actor, with affected models including RT-AC3100, RT-AC3200, and RT-AX55. The only recommended mitigation is to factory reset the routers and then update the firmware, as the infection cannot be removed by updates alone.

Global Botnets Exploit Router Vulnerabilities to Maintain Persistent Backdoors
technology · 10 months ago

A new botnet named 'AyySSHush' has compromised over 9,000 ASUS routers by exploiting an old vulnerability to install a persistent SSH backdoor, allowing attackers to maintain access even after reboots or firmware updates. The campaign, possibly linked to a nation-state actor, also targeted other SOHO routers from Cisco, D-Link, and Linksys, and involves stealthy techniques to evade detection. ASUS has released security patches, and users are advised to update firmware, check for suspicious files, and reset their devices if compromised.

Global Cybercrime Crackdown: Major Botnet Dismantled, Chinese National Charged
cybercrime · 1 year ago

US and European authorities have dismantled the "world's largest botnet," responsible for nearly $6 billion in Covid insurance fraud. The operation, codenamed Endgame, led to the arrest of multiple suspects, including Chinese national YunHe Wang, and the seizure of luxury goods and properties. The botnet, active from 2014 to 2022, spread ransomware via infected emails. The coordinated international effort involved actions in several countries and targeted various malware droppers, significantly disrupting the cybercrime ecosystem.

FBI Busts Chinese National for $6B COVID Relief Botnet Scheme
cybersecurity · 1 year ago

The FBI has dismantled a massive botnet of 19 million infected computers spread across 190 countries, used for various cybercrimes including financial fraud and identity theft. The operation led to the arrest of the alleged administrator, YunHe Wang, in Singapore, and the seizure of luxury goods, cryptocurrency, and real estate. The botnet, active since 2014, generated millions by leasing access to compromised IP addresses.

FBI and Europol Dismantle $6bn Cybercrime Botnet, Arrest Chinese National
cybercrime · 1 year ago

The FBI, in collaboration with international partners, dismantled the "911 S5" botnet, the world's largest, which infected 19 million computers and facilitated various cybercrimes. Chinese national YunHe Wang, who profited nearly $100 million from the operation, was arrested in Singapore and faces multiple charges that could lead to a 65-year prison sentence.