Researchers from Lumen's Black Lotus Labs have uncovered an extensive botnet, AVRecon, which has infiltrated over 70,000 devices in 20 nations. The botnet has targeted small office/home office (SOHO) routers with the aim of facilitating password spraying attacks, digital advertising fraud and other criminal activities. The AVRecon malware, written in the C programming language for versatility, targets ARM-embedded devices.

AVRecon is one of the most significant botnets recently seen that specifically target SOHO routers, with more than 41,000 nodes communicating with second-stage Command and Control (C2) servers over a 28-day span. The malicious code has been compiled for different architectures, reinforcing the adaptability of this malware. "Based on information associated with their x.509 certificates, we assess that some of these second stage C2s have been active since at least October 2021," the researchers noted in their report.

The malware initially infects a router that meets its specifications, then starts harvesting data and sending the information back to a C2 server. The address of this server is embedded directly into the malware code.