TBK digital video recorders vulnerable to the command injection flaw tracked as CVE-2024-3721, and Four-Faith routers affected by the operating system command injection issue tracked as CVE-2024-12856, have been targeted by the new RondoDox botnet, which uses the compromised devices for distributed denial-of-service attacks, The Hacker News reports.
More recent RondoDox intrusions have delivered the malware through a shell script downloader aimed at additional Linux architectures; the script ignores process-termination signals before it deploys and executes the malware, according to a report from Fortinet FortiGuard Labs. Besides terminating processes belonging to network utilities, system analysis tools, and other malware to stay hidden, RondoDox scans for and renames legitimate executables and disguises itself as Roblox, Discord, OpenVPN, and other widely used software to further hinder detection and recovery. "RondoDox is a sophisticated and emerging malware threat that employs advanced evasion techniques, including anti-analysis measures, XOR-encoded configuration data, custom-built libraries, and a robust persistence mechanism," said researcher Vincent Li.