The Python botnet FreakOut, also known as N3Cr0m0rPh, Freakout, and Python.IRCBot, began actively infecting video surveillance systems with Visual Tools DVR. Experts from the research firm Juniper Threat Labs reported this on their blog.
According to the published analysis of the incidents, the botnet is more targeted at the Visual Tools DVR VX16 software under version 220.127.116.11. By infecting a device, attackers gain access to the company’s internal network. Analysts have found that the attackers, for the most part, hack into video servers for mining the monero cryptocurrency (XMR).
Identifying malware is complicated by the fact that a botnet can mask its infrastructure through domain name generation. The virus also learned to infect files with the JS, PHP and HTML extensions.
This is not the first time that XMR has been mined as a result of a hacked device. For example, at the beginning of the year, the Chinese cybercriminal group Rocke began attacking Apache, Oracle and Redis servers using the Pro-Ocean mining virus. As soon as the virus finds a vulnerability and settles on a machine, it automatically downloads and installs the entire malicious XMR miner on it via a remote HTTP server.
Meanwhile, cybersecurity company Avast found out that a malware with an embedded XMR miner called Crackonosh brought its creators over 9,000 XMR in two and a half years. According to the company, the virus has infected over 222,000 Windows-based devices. The US, India, Brazil, the Philippines and Poland were hit hardest. It is noteworthy that Russia, Ukraine and Belarus, as well as the Asian region, were hardly affected by the Crackonosh virus. According to Avast, a developer from the Czech Republic could have created the virus.
Stay in touch! Subscribe to World Stock Market in Telegram.