Tuesday, December 5, 2023

Newly Emerging DDoS Botnet Attack on Electrum Takes 152,000 Hosts Under its Control

Newly Emerging DDoS botnet attack that targets one of the most popular bitcoin wallet Electrum and now it reaches the 152,000 infected hosts.

This DDoS Botnet rapidly growing and takes many hosts Under its control since April 24 when the number of infected machines in the botnet was just below 100,000 but its keep increasing and finally reaches the 152k hosts according to the online tracker report.

Electrum users are continuously targeting by a series of phishing attacks since last Dec 2018 and stolen over $4 million USD at current exchange rates.

Due to the weakness in the Electrum software, attackers able to trick users into downloading a malicious version of the wallet from two different rogue projects were active on Github from around December 21 through December 27.

hxxps://github.com/electrum-project/electrum/releases/tag/3.4.1
hxxps://github.com/electrum-wallet/electrum/releases
Fake update

But developers behind the Electrum decided to exploit the same flaw in their own software in order to redirect users to download the latest patched version.

Later this incident, threat actors were started to attack the legitimate Electrum servers that lead to overwhelmed the vulnerable clients that connected to malicious nodes.

Researchers from Malwarebytes uncovered the two distribution campaigns (RIG exploit kit and Smoke Loader) that associate with this botnet dropping the ElectrumDoSMiner malware.

Along with this, another loader called Trojan.BeamWinHTTP also involved with this attack that downloading ElectrumDoSMiner from a remote server.

According to Malwarebytes report, “As can be seen in the VirusTotal graphs above and below, there are hundreds of malicious binaries that retrieve the ElectrumDoSMiner. We surmise there are probably many more infection vectors beyond the three we’ve uncovered so far”

Attackers mainly targeting the Asia Pacific region (APAC), especially most bots are located in Brazil and Peru.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Hackers Offered IoT Botnet as Service “TheMoon” : Botnet-as-a-Service

Hackers Exploiting ThinkPHP Vulnerability To Expand Hakai and Yowai Botnets

New Hacking Group Outlaw Distributing Botnet to Scan The Network & Perform Cryptocurrency-Mining & Brute-Force Attack

Outlaw Hacking Group Using Command Injection Flow To Attack Organizations Network using Botnet via C&C Server

Website

Latest articles

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed...

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles