200K Outlaw Botnet Uses SSH Brute Forcing to Propagate, Monero Mining for Profit

The botnet which was once a DoS-focused botnet targeting Windows, Linux, Android, and enterprise IoT devices created by the Outlaw group has recently been upgraded to also mine for Monero and to propagate using SSH brute-force attacks.

As initially discovered by the Trend Micro's Cyber Safety Solutions Team, this botnet was created by a Romanian threat group dubbed Outlaw which used the servers of a Japanese art institution and a Bangladeshi government website as command-and-control (C&C) servers.

The attacking bots who are part of the network will use a malicious tool named haiduc to scan for and attack systems vulnerable to the CVE-2017-1000117 command injection vulnerability.

Once it manages to compromise a host, the bot will automatically download... (read more)

Comments