
Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies

November 25, 2020

An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar.

According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor tracked as Stantinko.

Back in 2017, ESET researchers detailed a massive adware botnet that works by tricking users looking for pirated software into downloading malicious executables disguised as torrents to install rogue browser extensions that perform ad injection and click fraud.

The covert campaign, which controls a vast army of half a million bots, has since received a substantial upgrade in the form of a crypto-mining module with an aim to profit from computers under their control.

Although Stantinko has traditionally been Windows malware, the expansion of its toolset to target Linux didn’t go unnoticed, with ESET observing a Linux trojan proxy deployed via malicious binaries on compromised servers.

Intezer’s latest research offers fresh insight into this Linux proxy, specifically a newer version (v2.17) of the same malware (v1.2) called “httpd,” with one sample of the malware uploaded to VirusTotal on November 7 from Russia.

Upon execution, “httpd” validates a configuration file located in “etc/pd.d/proxy.conf” that’s delivered along with the malware, following it up by creating a socket and a listener to accept connections from what the researchers believe are other infected systems.

An HTTP POST request from an infected client paves the way for the proxy to pass on the request to an attacker-controlled server, which then responds with an appropriate payload that’s forwarded by the proxy back to the client.

In the event a non-infected client sends an HTTP GET request to the compromised server, an HTTP 301 redirect to a preconfigured URL specified in the configuration file is sent back.
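For defenders triaging a Linux server, the two host-side traits described above (a process named “httpd” and the “etc/pd.d/proxy.conf” file shipped with it) can be checked together. The following is an added example, not code from Intezer or the original article; the allowlist of legitimate Apache binary paths and the choice to look for the config relative to `/` and to the process working directory are assumptions, and the sample records are constructed.

```python
import os

# Path exactly as quoted in the article (relative, no leading slash).
CONF_REL = "etc/pd.d/proxy.conf"
# Assumption: where a package-installed Apache binary normally lives.
EXPECTED_EXE = {"/usr/sbin/httpd", "/usr/sbin/apache2",
                "/usr/local/apache2/bin/httpd"}

def read_proc(proc_root="/proc"):
    """Yield (pid, comm, exe, cwd) for each process readable under proc_root."""
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()
            exe = os.readlink(os.path.join(base, "exe"))
            cwd = os.readlink(os.path.join(base, "cwd"))
        except OSError:
            continue  # process exited or we lack permission
        yield int(pid), comm, exe, cwd

def triage(procs, exists=os.path.exists):
    """Return (pid, exe, reasons) for 'httpd' processes that look out of place."""
    findings = []
    for pid, comm, exe, cwd in procs:
        if comm != "httpd":
            continue
        reasons = []
        if exe.endswith(" (deleted)"):
            reasons.append("binary deleted from disk")
        elif exe not in EXPECTED_EXE:
            reasons.append("unexpected binary path")
        for root in dict.fromkeys(("/", cwd)):  # de-duplicate, keep order
            path = os.path.join(root, CONF_REL)
            if exists(path):
                reasons.append("config at " + path)
        if reasons:
            findings.append((pid, exe, reasons))
    return findings

# Constructed sample records and file set (not real telemetry).
SAMPLE = [(812, "httpd", "/usr/sbin/httpd", "/"),
          (4471, "httpd", "/var/tmp/.cache/httpd", "/var/tmp/.cache"),
          (990, "sshd", "/usr/sbin/sshd", "/")]
SAMPLE_FILES = {"/var/tmp/.cache/etc/pd.d/proxy.conf"}

if __name__ == "__main__":
    for finding in triage(read_proc()):  # live check; run as root for full coverage
        print(finding)
```

A hit is a lead for investigation rather than a verdict: custom Apache builds installed outside the allowlisted paths will also be flagged, so extend `EXPECTED_EXE` to match the environment.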

Stating that the new version of the malware only functions as a proxy, Intezer researchers said the new variant shares several function names with the old version and that some hardcoded paths bear similarities to previous Stantinko campaigns.

“Stantinko is the latest malware targeting Linux servers to fly under the radar, alongside threats such as Doki, IPStorm and RansomEXX,” the firm said. “We think this malware is part of a broader campaign that takes advantage of compromised Linux servers.”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)
