A botnet is hacking the web shells of other cybercriminals.

The list of victims includes 159 addresses with unique parameters (PHP and JSP shells).

Security researchers at Positive Technologies have described new tactics used by the operators of the Neutrino botnet. According to the researchers, the operators have been attacking the web shells of other cybercriminals for more than a year and infecting their servers.

Previously, the malware spread through email attachments and exploit kits. Now it has taken on the role of a botnet, scanning the network for various web applications and servers in order to brute-force their administrative panels. It then goes over the shells and begins to exploit vulnerabilities. According to the researchers, the purpose of these attacks is to mine cryptocurrency on infected servers.

The Neutrino botnet uses several methods in its attacks. It not only exploits old and new vulnerabilities, but also searches for phpMyAdmin servers left without a password and brute-forces the superuser accounts of phpMyAdmin, Tomcat and MS-SQL.

Experts also noted strange features in the behavior of the updated Neutrino. In June 2018, it searched for open Ethereum nodes and allowed attackers to steal up to $20 million.

Neutrino is also hacking web shells. The list of victims includes 159 addresses with unique parameters (PHP and JSP shells). The malware executes simple commands and thereby brute-forces the shells of "competitors".
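A defender-side sketch of how the activity described above (admin-panel brute force and probing of PHP/JSP scripts with parameters) could be spotted in a web server access log. This is an added example, not code from the article or from Positive Technologies; the URL paths, thresholds, rule names and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumed default install paths; adjust to the local deployment.
PMA_LOGIN = re.compile(r'^/(phpmyadmin|pma)/index\.php', re.I)
TOMCAT_MGR = re.compile(r'^/manager/(html|text)', re.I)
SCRIPT_WITH_ARGS = re.compile(r'^(/[^?]*\.(?:php|jsp))\?', re.I)

def scan(lines, login_threshold=5, probe_threshold=4):
    """Return {ip: sorted rule names} for sources that reach a threshold."""
    logins = defaultdict(int)   # admin login attempts per source IP
    probes = defaultdict(set)   # distinct missing scripts requested per IP
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue            # skip malformed lines
        ip, method, path, status = m[1], m[2], m[3], int(m[4])
        if method == "POST" and PMA_LOGIN.match(path):
            logins[ip] += 1     # each POST to the login form is one attempt
        elif TOMCAT_MGR.match(path) and status == 401:
            logins[ip] += 1     # HTTP Basic credentials rejected
        else:
            s = SCRIPT_WITH_ARGS.match(path)
            if s and status == 404:
                probes[ip].add(s[1].lower())
    findings = defaultdict(set)
    for ip, n in logins.items():
        if n >= login_threshold:
            findings[ip].add("admin-panel-bruteforce")
    for ip, paths in probes.items():
        if len(paths) >= probe_threshold:
            findings[ip].add("script-path-probing")
    return {ip: sorted(rules) for ip, rules in findings.items()}

def _l(ip, method, path, status):
    # Builds one constructed log line (documentation IP ranges only).
    return (f'{ip} - - [01/Jan/2024:00:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 0 "-" "-"')

SAMPLE = (
    [_l("203.0.113.7", "POST", "/phpmyadmin/index.php", 200)] * 3
    + [_l("203.0.113.7", "GET", "/manager/html", 401)] * 3
    + [_l("198.51.100.9", "GET", f"/uploads/x{i}.php?a=1", 404) for i in range(4)]
    + [_l("192.0.2.10", "POST", "/phpmyadmin/index.php", 302),
       _l("192.0.2.10", "GET", "/index.php?page=2", 200)]
)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

In production the counters would be windowed by time, and MS-SQL login failures would come from the database server's own audit log rather than from HTTP logs.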
 