Botnets

KadNap Malware

KadNap Malware Compromises Over 14,000 Edge Devices to Build Stealth Proxy Botnet

Cybersecurity researchers have uncovered a sophisticated malware campaign involving a threat dubbed KadNap, which primarily targets Asus routers and other edge devices to build a stealthy proxy botnet. The malware has compromised over 14,000 devices globally, with more than 60% of infections in the U.S., according to Black Lotus Labs at Lumen. KadNap uses a custom implementation of the Kademlia Distributed […]

KadNap Malware Compromises Over 14,000 Edge Devices to Build Stealth Proxy Botnet Read More »

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Avoid Takedown

Cybersecurity researchers have uncovered a sophisticated botnet loader named Aeternum C2 that leverages blockchain technology to maintain a resilient and takedown resistant command and control infrastructure. Instead of relying on conventional domains or centralized servers, the malware stores encrypted instructions directly on the Polygon blockchain. According to research published by Qrator Labs, this strategy enables

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Avoid Takedown Read More »

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits

Cybersecurity researchers have uncovered a newly identified botnet operation named SSHStalker, which leverages the Internet Relay Chat, IRC, protocol as its command-and-control infrastructure. The campaign specifically targets Linux systems by exploiting outdated kernel vulnerabilities, many of which date back more than a decade. According to security firm Flare, the operation combines stealth-focused techniques with older Linux

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits Read More »

AISURU and Kimwolf Botnet Launch Record-Breaking 31.4 Tbps DDoS Attack

Cybersecurity researchers have attributed a record-breaking distributed denial-of-service attack to the AISURU and Kimwolf botnet, which generated traffic peaks of 31.4 terabits per second and lasted approximately 35 seconds, making it one of the largest DDoS attacks ever recorded. Cloudflare confirmed that the attack occurred in November 2025 and was automatically detected and mitigated by its systems. The company said the incident

AISURU and Kimwolf Botnet Launch Record-Breaking 31.4 Tbps DDoS Attack Read More »

Google Disrupts IPIDEA, One of the World’s Largest Residential Proxy Networks

Google has announced the disruption of IPIDEA, widely recognized as one of the largest residential proxy networks in operation. The takedown involved legal actions to seize dozens of domains used to control infected devices and route proxy traffic, rendering IPIDEA’s main website (www.ipidea.io) inaccessible. IPIDEA previously promoted itself as a leading IP proxy provider, claiming

Google Disrupts IPIDEA, One of the World’s Largest Residential Proxy Networks Read More »

Researchers Null-Route More Than 550 Kimwolf and Aisuru Botnet Command Servers

Security researchers have disrupted a major botnet operation after null-routing traffic linked to more than 550 command-and-control servers tied to the AISURU and Kimwolf botnets. The takedown was carried out by Black Lotus Labs, the threat intelligence arm of Lumen Technologies, and began in early October 2025. These botnets have rapidly grown into some of the largest active malicious

Researchers Null-Route More Than 550 Kimwolf and Aisuru Botnet Command Servers Read More »

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

A renewed wave of GoBruteforcer activity has been observed targeting databases linked to cryptocurrency and blockchain projects. The campaign aims to hijack vulnerable servers and enroll them into a botnet capable of brute forcing user credentials for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux based systems. Campaign Drivers and Initial Findings According

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials Read More »

WhatsApp Worm Propagates Astaroth Banking Trojan in Brazil Through Auto-Messaging

Cybersecurity researchers have uncovered a new malware campaign that abuses WhatsApp as a distribution channel to spread the Astaroth banking trojan across Brazil. The operation specifically targets Windows users and represents an evolution in how financial malware is propagated in the region. The campaign has been named Boto Cor-de-Rosa by the Acronis Threat Research Unit.

WhatsApp Worm Propagates Astaroth Banking Trojan in Brazil Through Auto-Messaging Read More »

RondoDox Botnet Abuses Critical React2Shell Vulnerability to Hijack IoT Devices and Web Servers

Cybersecurity researchers have uncovered a prolonged nine-month campaign that targeted Internet of Things (IoT) devices and web applications to recruit them into a botnet named RondoDox. As of December 2025, threat actors have been observed exploiting the newly disclosed React2Shell vulnerability (CVE-2025-55182, CVSS 10.0) to gain unauthorized access to vulnerable systems, according to an analysis

RondoDox Botnet Abuses Critical React2Shell Vulnerability to Hijack IoT Devices and Web Servers Read More »