The VPNFilter Botnet Is Attempting a Comeback

Discussion in '0-day Release' started by silversurfer, Jun 2, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    The VPNFilter botnet that was built by Russian cyberspies, which infected over 500,000 routers and was taken down last week by the FBI, is attempting a comeback, according to telemetry data gathered this week.

    Security researchers from JASK and GreyNoise Intelligence revealed on Friday that they had detected the same threat actor that built the first iteration of the VPNFilter botnet attempting to compromise new routers and build a new VPNFilter botnet.

    The VPNFilter malware that infects devices is considered one of the most advanced pieces of IoT malware. The VPNFilter malware, which doesn't have anything to do with VPNs, is comprised of three types of payloads.

    The first-stage payload can achieve boot persistence on devices and survive reboot operations (the second IoT malware to ever achieve this), the second-stage component is akin to a remote access trojan (RAT), while the third-stage payloads are plugins for this RAT, which add extra functionality.

    Full Article: