June 3, 2023

Researchers have discovered that the Abcbot botnet is connected to cryptocurrency-mining botnet attacks carried out by the Xanthe malware group.

A report has been released highlighting that the same threat group is working behind Xanthe malware and Abcbot botnet.

Advertisements

There is an overlap between the two malware when it comes to similar coding styles, an identical pattern of giving names to routines, with some functions with similar names and implementation and a word ‘go’ added to the end of the function names.

Abcbot botnet creates four malicious users of its own by using generic names such as sysall, logger, system. Users with the same usernames were observed in Xanthe samples too.

Experts added that cybercriminals could be doing away with cryptomining attempts and moving toward traditional botnet functionality of pursuing DDoS attacks.

First discovered the Abcbot attacks in November 2021. The attacks had used shell scripts targeting insecure cloud instances managed by various cloud service providers. Since then, the Abcbot version of the function has been updated multiple times, with a new function being added in every phase of the update.

Advertisements

Multiple code and feature-level similarities imply that the same group is operating both Abcbot and Xanthe. Moreover, gradual updates in the botnet’s capabilities are attempts by its creators to mature it further for bigger campaigns.

Tags:

Leave a Reply

You may have missed

Cisco buys Armorblox

Cisco buys Armorblox

June 3, 2023
CISA KEV Update Part I – May 2023

CISA KEV Update Part I – May 2023

June 3, 2023
Gigabyte Motherboards Backdoor’ed

Gigabyte Motherboards Backdoor’ed

June 3, 2023
MOVEit Vulnerability Exploited in Wild

MOVEit Vulnerability Exploited in Wild

June 2, 2023
CasePoint Suffers a Data Breach

CasePoint Suffers a Data Breach

June 2, 2023
CyberArk Identity Security Web Browser

CyberArk Identity Security Web Browser

June 1, 2023
%d bloggers like this: