Sunday, April 27, 2025
HomeBotnetInfamous Necro Python bot Added new Tools to Improve Its Chances of...

Infamous Necro Python bot Added new Tools to Improve Its Chances of Infecting Vulnerable Systems

Published on

SIEM as a Service

Follow Us on Google News

Nowadays, cyberattacks are increasing rapidly, and as per the report, most cybercriminals are using the automatic bot method to perform all kinds of malware infections, not only this, through the method the threat actors also take control of remote computers and perform some critical cyberattacks.  

Recently, the Necro python has made numerous changes, as they have added some new tools in an attempt to enhance its all possibilities of infecting vulnerable systems as well as evading detection.

Necro Python

Necro Python, is a self-replicating, polymorphic bot that has been in progress since 2015, and it is also known by the name “FreakOut” or “Necro.”

- Advertisement - Google News

The main motive of Necro Python is that it generally finds the remote computer systems running Windows or Linux, and then later it easily exploits the security vulnerabilities that are present in the operating system or an installed application.

In early 2021 the development progress has been announced regarding the botnets. However, as we said above, Necro Python has started its development in 2015, and this year it has made some significant changes to enhance all its power.

Necro Python was being developed by all specialized developers, and they have made several changes in the bot, with the motive of increasing the power flexibility of the bot.

However, the developer has included nearly 10 different web applications, as well as the SMB protocol that are being used as a weapon in a recent campaign of Bot. The developers have also included exploits for vulnerability in various software like SCO OpenServer, the Vest Control Panel, and the VMWare vSphere.

This new botnet has the ability to connect to a C2 server simply by using the IRC and later it accepts all the commands that are associated with:- 

  • Configuration changes
  • Exploitation
  • Launching distributed denial-of-service attacks
  • RAT functionality

According to the reports, all these associated commands were used to download and implement the additional code or sniff network traffic to eliminate the collected data.

On May 18 the new version of the botnet got released and it also includes exploits for EternalBlue as CVE-2017-0144 and EternalRomance as CVE-2017-0147. 

However, the cybersecurity researchers affirmed that the new bot injects the code into an HTML or PHP file on an affected system from an attacker-managed server.

The main motive of injecting the code is to download and implement a JavaScript-based miner. Not only this but the researchers also claimed that all these new techniques and methods will surely help Necro to evade the infected system based on security protection.

Moreover, the cybersecurity experts at Talos asserted that they will keep updating the Necro with new and modern tools for detection that will include Response products and Extended Detection.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Two Systemic Jailbreaks Uncovered, Exposing Widespread Vulnerabilities in Generative AI Models

Two significant security vulnerabilities in generative AI systems have been discovered, allowing attackers to...

New AI-Generated ‘TikDocs’ Exploits Trust in the Medical Profession to Drive Sales

AI-generated medical scams across TikTok and Instagram, where deepfake avatars pose as healthcare professionals...

Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware

The cybersecurity landscape faces an escalating crisis as AgeoStealer joins the ranks of advanced...

Compliance And Governance: What Every CISO Needs To Know About Data Protection Regulations

The cybersecurity landscape has changed dramatically in recent years, largely due to the introduction...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

North Korean APT Hackers Pose as Companies to Spread Malware to Job Seekers

Silent Push Threat Analysts have uncovered a chilling new cyberattack campaign orchestrated by the...

Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations

Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea,...

New Malware Hijacks Docker Images Using Unique Obfuscation Technique

A recently uncovered malware campaign targeting Docker, one of the most frequently attacked services...