FreakOut botnet turns video recorders into Monero cryptominers

Late last month, Juniper Threat Labs researchers noted new activity by the Python botnet FreakOut, also known as Necro and N3Cr0m0rPh, which targeted Visual Tools DVRs used in professional video surveillance systems, Threatpost reports.

The botnet actively uses several services, including an exploit for Visual Tools DVR VX16 4.2.28.0. After exploiting the vulnerability, the botnet launches a Monero miner on the system.

The FreakOut / Necro botnet appeared on the radars of security experts in November 2020. It was originally created for DDoS attacks and criminal cryptocurrency mining. Subsequently, its functionality has significantly expanded. It can install a rootkit on Windows, mask its infrastructure using a domain generation algorithm, spread using exploits or brute force, and infect HTML, JS, and PHP files. In recent versions, the SMB scanner, which was used in the spring of 2021, has disappeared, and the static address of the control server has been changed to a dynamic one.

In addition to Visual Tools DVR, the FreakOut botnet can attack various devices using exploits for vulnerabilities such as CVE-2020-15568 (in TerraMaster TOS up to version 4.1.29), CVE-2021-2900 (affects Genexis Platinum 4410 2.1 P4410-V2-1.28), CVE-2020-25494 (affects Xinuos OpenServer v5 and v6), CVE-2020-28188 (in TerraMaster TOS up to version 4.2.06), and CVE-2019-12725 (found in Zeroshell 3.9.0).
 