Credential-Stealing Botnet Infects Website To Website

Published: 22/11/2024   Category: security




Kroxxu botnet infects servers, steals mostly FTP credentials



Researchers from the Czech Republic say a self-generating botnet that steals mostly FTP credentials has been gradually growing in size, with up to 100,000 infected domains and some 1 million bots.
Avast Software's virus lab has been watching the so-called Kroxxu botnet over the past year, and this week disclosed some details on the password-stealing botnet. They say they still aren't sure how it makes its money.
"There are a number of ways they could be supporting themselves," Jiri Sejtko, head of virus research at the Avast Virus Lab, said in a statement. "The four most likely methods are through selling hacked space on infected servers, use of this malware to support the activities of other, more directly profitable malware, selling stolen credentials, or using keyloggers to spread other spam. But at this stage, it is more important to recognize this botnet than uncover its business plan."
What the researchers do know about the botnet is that it's all server-based and spreads malware, such as keyloggers. When a password is stolen from an infected website, it then adds a script to the website content so it can alter files on the infected servers and spread to other servers. It relies heavily on redirection, with one connection spotted using 15 redirectors. Kroxxu also can swap roles among botnet elements: "Kroxxu's indirect cross infections are based on the fact that all parts are equal and interchangeable. If one part is used as an initial redirector, it may also be used as a final distribution part at the same or even a different time," said Sejtko.
It's not easy to remove Kroxxu from a server: some websites, for example, were infected for more than three months before Kroxxu was found.