CySecurity News – Latest Information Security and Hacking Incidents
Abcbot, the newly discovered botnet has a longer history than what was originally believed. The Xanthe-based cryptojacking campaign found by Cisco’s Talos security research team in late 2020 has a clear link, according to the ongoing examination of this malware family. When Talos was notified of an intrusion on one of their Docker honeypots, they discovered malware that looked like a bitcoin mining bot.
The virus is known as Xanthe, and its main goal is to mine cryptocurrency using the resources of a compromised system. Based on the findings, the same threat actor is behind both Xanthe and Abcbot, and its goal has shifted from mining cryptocurrency on compromised hosts to more classic botnet activity like DDoS attacks.
Abcbot attacks, first reported by Qihoo 360’s Netlab security team in November 2021, are triggered by a malicious shell script that targets insecure cloud instances operated by cloud service providers such as Huawei, Tencent, Baidu, and Alibaba Cloud to download malware that co-opts the machine to a botnet but not before terminating processes from competing threat actors and establishing persistence. The shell script in question is an updated version of one found by Trend Micro in October 2021, which targeted Huawei Cloud’s vulnerable ECS instances.
Further investigation of the botnet, which included mapping all known Indicators of Compromise (IoCs) such as IP addresses, URLs, and samples, revealed Abcbot’s code and feature-level similarities to that of a cryptocur
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: