#botnet

2025-06-05

PumaBot: Novel Botnet Targeting IoT Surveillance Devices

A new Go-based Linux botnet named PumaBot has been identified targeting IoT devices, particularly surveillance systems. It brute-forces SSH credentials using lists from a C2 server, then deploys itself and establishes persistence. The malware disguises itself as legitimate system files, creates systemd services, and adds SSH keys for backdoor access. It also includes components for credential theft and system monitoring. The botnet demonstrates sophisticated evasion techniques and aims for long-term access to compromised devices.

Pulse ID: 6840aeed45c664821c11fe38
Pulse Link: otx.alienvault.com/pulse/6840a
Pulse Author: AlienVault
Created: 2025-06-04 20:39:09

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #ELF #InfoSec #IoT #Linux #Malware #OTX #OpenThreatExchange #RAT #RCE #SSH #bot #botnet #AlienVault

2025-06-04

Proxy Botnet Dismantled After 20 Years

Pulse ID: 68401f8dee854b1bf8aab809
Pulse Link: otx.alienvault.com/pulse/68401
Pulse Author: cryptocti
Created: 2025-06-04 10:27:25

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #Proxy #bot #botnet #cryptocti

2025-06-04

NEW: India, China and US were the top #DDoS targets in Q1 2025, with #APAC facing over half of global attacks, according to new data from cybersecurity firm #StormWall.

Read: hackread.com/stormwall-india-c

#CyberSecurity #CyberAttack #Botnet #India #China #USA

Grub :verified: Grub_09@mastodon.uno
2025-06-01

Over 9,000 Asus routers compromised by a botnet.
#botnet #asus #router
The attack exploits weak credentials and installs a backdoor that survives firmware updates.
#backdoor #malware #cybersecurity #cybersicurezza
zeusnews.it/n.php?c=31060

2025-05-31

ViciousTrap: Persistent SSH Backdoors Found in 9,000+ ASUS Routers

A sophisticated cyberattack campaign, dubbed ViciousTrap, has compromised over 9,000 ASUS routers, establishing persistent SSH backdoors that survive reboots and firmware updates.

forum.hashpwn.net/post/637

#backdoor #asus #cybersecurity #botnet #news #greynoise #ViciousTrap #hashpwn

2025-05-30

Thousands of compromised ASUS routers are being co-opted into a volatile but persistent botnet. Our latest blog takes IoCs from @greynoise and breaks down how the AyySSHush campaign has evolved over the past 5 months — and what makes it stand out:

censys.com/blog/tracking-ayyss

#botnet #asus #infosec #security

nemo™ 🇺🇦 nemo@mas.to
2025-05-30

🚨 Over 9,000 ASUS routers compromised! 🕵️‍♂️ Stealthy backdoors persist through reboots & firmware updates, evading detection with advanced tactics. #Cybersecurity #ASUS #Botnet
Read more: arstechnica.com/security/2025/ #newz

2025-05-29

Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign

A sophisticated hacking campaign has compromised approximately 9000 ASUS routers, creating persistent backdoors that survive firmware updates and reboots. The attackers utilize the routers' legitimate features to maintain long-term access without dropping malware or leaving traces. This operation appears to be assembling a distributed network of backdoor devices, potentially for a future botnet. The intrusion chain involves brute-force login attempts, exploitation of zero-day vulnerabilities, and the use of CVE-2023-39780. The attackers employ stealthy techniques such as enabling SSH access on a custom port, inserting attacker-controlled public keys, and disabling router logging. The campaign's sophistication suggests a formidable and well-funded adversary, possibly associated with Chinese-sponsored hackers.

Pulse ID: 683886fb0eae29046fb00608
Pulse Link: otx.alienvault.com/pulse/68388
Pulse Author: AlienVault
Created: 2025-05-29 16:10:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Chinese #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RCE #SSH #Troll #ZeroDay #bot #botnet #AlienVault

Darktrace investigated “PumaBot,” a Go-based Linux botnet targeting IoT devices. It avoids internet-wide scanning, instead using a C2 server to get targets and brute-force SSH credentials. Once inside, it executes remote commands and ensures persistence.

darktrace.com/blog/pumabot-nov

#PumaBot #Darktrace #ThreatHunt #ThreatIntel #Botnet

2025-05-29

AyySSHush Botnet Exploits ASUS Routers to Establish Persistent SSH Backdoor

Pulse ID: 6837b3268dd103bcc69d7488
Pulse Link: otx.alienvault.com/pulse/6837b
Pulse Author: cryptocti
Created: 2025-05-29 01:06:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #SSH #bot #botnet #cryptocti

2025-05-29

PumaBot Botnet Targets Linux IoT for SSH Theft and Crypto Mining

Pulse ID: 6837b18146c64e0ab478a4fc
Pulse Link: otx.alienvault.com/pulse/6837b
Pulse Author: cryptocti
Created: 2025-05-29 00:59:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CryptoMining #CyberSecurity #InfoSec #IoT #Linux #OTX #OpenThreatExchange #SSH #bot #botnet #cryptocti

Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af: youranonriots@kolektiva.social
2025-05-28

Over 9,000 ASUS routers are compromised by a novel botnet dubbed "AyySSHush" that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. #CyberSecurity #botnet #CyberAttacks bleepingcomputer.com/news/secu

2025-05-28

PumaBot is shaking up IoT security by targeting vulnerable Linux devices with weak SSH credentials—hijacking systems for crypto mining. Are your gadgets really safe?

thedefendopsdiaries.com/pumabo

#pumabot
#iotsecurity
#botnet
#sshsecurity
#cryptomining

Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af: youranonriots@kolektiva.social
2025-05-28

A new botnet is quietly hijacking Linux-based IoT devices.

PumaBot is targeting embedded Linux IoT devices—brute-forcing SSH, mining crypto, and hijacking credentials.

It impersonates Redis, evades honeypots, and survives reboots using systemd persistence. #cybersecurity #Linux #botnet thehackernews.com/2025/05/new-

Sunflower Björnskalle 🌻 apodoxus@mastodon.online
2025-05-28

I cracked one of those puppet accounts. 😂 It's part of a ring of accounts that do this kind of work.

What else do you want me to find out?

#infosec #itsecurity #botnet
