December 11, 2023

While botnets have been used for anything from performing DDoS attacks to stealing data and even sending spam, Researchers have found signs that the Interplanetary Storm botnet could be used for different purposes

This Golang-written botnet could be used as an anonymization proxy-network-as-a-service and potentially rented using a subscription-based model.

While the botnet has come under previous scrutiny, constant monitoring of the development lifecycle of Interplanetary Storm has revealed that threat actors are both proficient in using Golang and development best practices, and well-versed at concealment of management nodes.

Interplanetary Storm also has a complex and modular infrastructure designed to seek and compromise new targets, push and synchronize new versions of the malware, run arbitrary commands on the infected machine and communicate with a C2 server that exposes a web API.

IPStorm propagates by attacking Unix-based systems (Linux, Android and Darwin) that run Internet-facing SSH servers with weak credentials or unsecured ADB servers.

Key findings:

  • Botnet potentially rented as an anonymous proxy network
  • Built to use compromised devices as proxies
  • Botnet mapping reveals global presence
  • Rented using multi-tier subscription-based pricing model
  • More than 100 code revisions to date
  • Detailed analysis of the infrastructure behind the Interplanetary Storm botnet
Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2
%d