Check Point: The Echobot Botnet has launched Large-Scale Attacks on Smart Devices

Check Point experts have prepared the Global Threat Index report dedicated to the most active threats of August 2019. Analysts note the activity of the Echobot botnet, as well as the “return to life” of the Emotet botnet.

In the report, the research group warns of Echobot, a new version of the Mirai botnet, which began large-scale attacks on smart devices. Echobot appeared in May 2019, and has since “learned” to exploit more than 50 different vulnerabilities. The malware is particularly active in exploiting Command Injection Over HTTP vulnerabilities. Echobot attacks have already affected 34% of organizations around the world.

“Echobot is a new version of the Mirai botnet. We note a sharp increase in its use: it currently targets more than 50 different vulnerabilities and has already affected more than 34% of companies around the world. It is therefore important that organizations regularly update all their networks, software and IoT devices. In Russia, the AgentTesla malware has risen to the top 3, which was actively spread during the summer months. As a rule, phishing emails imitated those messages that are often sent during vacations: information about booking and buying air tickets, bills for them,”

– comments Vasily Diaghilev, head of Check Point Software Technologies in Russia and the CIS.

As the researchers assumed, in August the infrastructure of another botnet, Emotet, was reactivated. A couple of months earlier, in June 2019, the number of malicious Emotet campaigns decreased sharply. The Check Point team then suggested that the botnet infrastructure could have been shut down for maintenance and updates. We have already noted that a “vacation” for Emotet operators is not unusual. Botnets often take breaks in operation while their infrastructure is being updated or while their operators are resting. For example, the famous Dridex botnet was shut down every year from mid-December to mid-January, during the winter holidays.

As a result, the list of the most active malware in August 2019 looks as follows.

The most active miner in the world in August 2019:

  • XMRig is open-source software first discovered in May 2017. It is used to mine the Monero cryptocurrency.
  • Jsecoin is a JavaScript miner that can run directly in your browser in exchange for advertising, in-game currency and other incentives.
  • Dorkbot is an IRC-based worm designed to run code remotely by its operator and to download additional malware to an infected system.

Most active mobile threats in August 2019:

  • Lotoor is a program that exploits vulnerabilities in the Android operating system to gain privileged root access to hacked mobile devices.
  • AndroidBauts is advertising malware that steals IMEI, IMSI, GPS data and other device information and allows third-party applications to be installed on infected mobile devices.
  • Triada is a modular backdoor that grants superuser privileges to downloaded malware and helps embed it into system processes. Triada has also been seen swapping URLs that are loaded in the browser.
