New Abcbot botnet goes after Chinese cloud providers

Named Abcbot, the botnet has targeted servers hosted by companies like Alibaba Cloud, Baidu, Tencent, and Huawei Cloud. The malware disables SELinux security protections, creates a backdoor for the attacker, and then scans the infected hosts for signs of other malware botnets. These attacks typically target Linux servers with weak passwords or are running unpatched applications. Abcbot kills processes associated with other botnets and processes related to cryptomining operations. If competing malware is found, Abcbot removes its own SSH keys and only leaves its own in place.

This behavior suggests that other groups are using a similar technique, which developers have also picked up on and decided to block. Previous samples analyzed by Trend Micro and Netlab included modules for cryptocurrency mining and DDoS attacks.

New Abcbot botnet goes after Chinese cloud providers

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

New Abcbot botnet goes after Chinese cloud providers

21-Dec-21

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address