Late last month, Juniper Threat Labs researchers noted new activity by the Python botnet FreakOut, also known as Necro and N3Cr0m0rPh, which targeted Visual Tools DVRs used in professional video surveillance systems.
The botnet actively uses several services, including the exploit for Visual Tools DVR VX16 18.104.22.168. Once the vulnerability has been exploited, the bot is loaded onto the system to deploy a Monero miner.
FreakOut was created to carry out DDoS attacks and covert cryptocurrency mining. The botnet was first discovered in 2020, and its functionality has expanded significantly since then.
According to Juniper experts, the FreakOut bot supports many features, including:
- Traffic analyzer (network sniffer).
- Distribution using exploits.
- Propagation using brute force attacks.
- Using the Domain Generation Algorithm (DGA).
- Installing a Windows rootkit.
- Receiving and executing bot commands.
- Participation in DDoS attacks.
- Infection of HTML, JS, PHP files.
- Installing a Monero miner.
In the latest versions of the botnet, the SMB scanner has disappeared, and the static address of the control server has been replaced with a dynamic one. Unlike previous versions of the FreakOut bot, the latest one is capable of launching DDoS attacks through a TOR SOCKS proxy.
In addition to Visual Tools DVR, the FreakOut botnet can attack various devices using exploits for vulnerabilities such as CVE-2020-15568 (in TerraMaster TOS up to version 4.1.29), CVE-2021-2900 (affects Genexis Platinum 4410 2.1 P4410-V2-1.28), CVE-2020-25494 (affects Xinuos Openserver v5 and v6), CVE-2020-28188 (in TerraMaster TOS up to version 4.2.06), and CVE-2019-12725 (found in Zeroshell 3.9.0).
“Digital video recorders are a pretty interesting target for IoT botnet creators,” Mikhail Zaitsev, an information security expert at SEQ, told cnews.ru. “They are well suited for criminal mining of cryptocurrencies and for launching DDoS attacks, since they often use a high-bandwidth communication channel. And like many other IoT devices, DVRs often experience security and firmware issues, so some pretty old exploits work with them. This is observed in this case.”
Source: 3DNews (all site news) by 3dnews.ru.