
Malware spread by stealthy new MikroTik botnet

Focus on malware

BleepingComputer reports that misconfigured Sender Policy Framework (SPF) DNS records were leveraged by a novel botnet of 13,000 MikroTik devices to deliver malware covertly as part of a malspam campaign in November.

Attacks in the campaign involved phishing emails purporting to be freight invoices from DHL Express. Each carried a ZIP archive containing a JavaScript file that launched a PowerShell script, which in turn communicated with the attacker-controlled command-and-control server, according to an analysis from Infoblox. Examining the spam emails' headers then uncovered numerous domains and SMTP server IP addresses, revealing the extensive botnet of thousands of MikroTik devices. "Even though the botnet consists of 13,000 devices, their configuration as SOCKS proxies allows tens or even hundreds of thousands of compromised machines to use them for network access, significantly amplifying the potential scale and impact of the botnet's operations," said Infoblox.
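The brief attributes the campaign's reach to misconfigured SPF records but does not say which misconfiguration was involved. The classic permissive form is a record ending in `+all` (or a bare `all`), which makes every host on the Internet pass SPF for the domain; `ip4:0.0.0.0/0` has the same effect, and a record with no `all` at all leaves unlisted hosts at "neutral" rather than rejecting them. The following Python is an added example, not code from the article or from Infoblox or BleepingComputer: it parses SPF TXT records and flags those permissive shapes so an organisation can audit its own domains. The domain names and records are constructed samples, and the assumption that these are the misconfigurations worth checking is the author's, not the page's.

```python
"""Assess SPF TXT records for permissive misconfigurations (added example).

An SPF record's trailing "all" mechanism decides what happens to senders
that matched nothing earlier. "+all" or a bare "all" means every host
passes SPF for the domain; that is the kind of misconfiguration that lets
unrelated mail servers send mail that looks legitimate. The records and
domain names below are constructed samples, not real DNS data.
"""

# Result an "all" mechanism yields for each qualifier (RFC 7208).
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str) -> list[tuple[str, str, str]]:
    """Split an SPF record into (qualifier, name, argument) terms.

    Mechanisms default to the "+" qualifier; modifiers such as
    redirect=example.net are returned with an empty qualifier.
    """
    tokens = record.strip().split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for tok in tokens[1:]:
        name, sep, arg = tok.partition("=")
        if sep and ":" not in name and "/" not in name:
            terms.append(("", name.lower(), arg))      # modifier, e.g. redirect=
            continue
        qual = "+"
        if tok[0] in QUALIFIER_RESULT:
            qual, tok = tok[0], tok[1:]
        name, _, arg = tok.partition(":")
        if "/" in name and not arg:                    # dual-CIDR form such as a/24
            name, _, prefix = name.partition("/")
            arg = "/" + prefix
        terms.append((qual, name.lower(), arg))
    return terms


def assess_spf(record: str) -> dict:
    """Return the catch-all result and a list of findings for one record."""
    terms = parse_spf(record)
    findings = []
    catch_all = "neutral"          # RFC 7208 default when nothing matches
    for qual, name, arg in terms:
        if name == "all":
            catch_all = QUALIFIER_RESULT[qual]
            break                  # terms after "all" are never evaluated
        if name in ("ip4", "ip6") and arg.endswith("/0"):
            findings.append(f"{qual}{name}:{arg} matches every address")
        if name == "redirect":
            catch_all = f"redirect:{arg}"   # decided by the other domain's record
    if catch_all == "pass":
        findings.append("'+all' lets any host pass SPF for this domain")
    elif catch_all == "neutral":
        findings.append("no 'all' mechanism: unlisted hosts are neutral, not rejected")
    return {"catch_all": catch_all, "permissive": bool(findings), "findings": findings}


# Constructed sample records (assumption: representative of what an audit sees).
SAMPLE_RECORDS = {
    "strict.example":     "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all",
    "soft.example":       "v=spf1 mx a ~all",
    "open.example":       "v=spf1 ip4:203.0.113.10 +all",
    "bare-all.example":   "v=spf1 mx all",
    "zero-net.example":   "v=spf1 ip4:0.0.0.0/0 -all",
    "no-all.example":     "v=spf1 ip4:203.0.113.10",
    "redirected.example": "v=spf1 redirect=_spf.example.net",
}


def permissive_domains(records: dict[str, str]) -> list[str]:
    """Sorted names of the domains whose SPF record is permissive."""
    return sorted(d for d, r in records.items() if assess_spf(r)["permissive"])


if __name__ == "__main__":
    for domain, rec in SAMPLE_RECORDS.items():
        verdict = assess_spf(rec)
        print(f"{domain:20} {verdict['catch_all']:10} {'; '.join(verdict['findings']) or 'ok'}")
```

To run this against live domains, feed `assess_spf` the TXT record returned by your resolver for each domain you own; `~all` is reported as acceptable here because softfail still lets receivers apply DMARC, whereas `+all` and a missing `all` give them nothing to act on.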
