TheMoon Malware Rises Again with Malicious Botnet for Hire

  /     /     /  
Publicated : 23/11/2024   Category : security


TheMoon Malware Rises Again with Malicious Botnet for Hire


Outdated SOHO routers and IoT devices being hijacked by TheMoon to operate an anonymous hacker botnet service called Faceless.



After disappearing for several years, TheMoon has returned with a botnet army around 40,000 strong, made up of hijacked small home and office (SOHO) devices and available for hire as a proxy service for cybercriminals looking to obscure their traffic origins.
The
cybercrime botnet
service, called Faceless, costs less than a dollar per day, according to the researchers at Lumen Technologies Black Lotus Labs, who are warning about the return of TheMoon after the malware group disappeared in 2019, before reemerging back on the scene in 2023. By the beginning of 2024, TheMoon had amassed bots from across 88 countries to operate its Faceless service.
We believe these cybercriminals [using Faceless] are using these networks to steal data and information from their victims, including the financial sector, Mark Dehus, senior director of threat intelligence at Lumen Black Lotus Labs, said in a statement.
TheMoon malware
is a serious threat not only to the owners of the compromised SOHO devices, but also the victims exploited through this anonymous proxy network.
John Gallagher, vice president of Viakoo Labs at Viakoo, noted that the types of endpoints that TheMoon looks to bring to the dark side are somewhat sitting ducks.
IoT devices are designed to be set it and forget it, leading to their being favored by threat actors even if they are not end of life (they are likely to be unmanaged and not updated), he said in an emailed statement. This is a much bigger issue for enterprises than consumers. The operators of IoT devices are often cost centers, and theres an incentive to not replace equipment unless it isn’t functional anymore. Enterprises offer vast fleets of IoT devices for threat actors to leverage for DDoS and other attack vectors. 

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
TheMoon Malware Rises Again with Malicious Botnet for Hire