#botnet

Silent Push, from yesterday: Silent Push Identifies More Than 10,000 Infected IPs as Part of SystemBC Botnet Malware Family silentpush.com/blog/systembc/

More:

Infosecurity-Magazine: Global SystemBC Botnet Found Active Across 10,000 Infected Systems infosecurity-magazine.com/news #infosec #malware #botnet

New. You'd think it's Tuesday, based on today's prolific output.

Picus: CVE-2026-21509: APT28 Exploits Microsoft Office Zero-day Vulnerability picussecurity.com/resource/blo

Securonix: Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode securonix.com/blog/deadvax-thr

Silent Push Identifies More Than 10,000 Infected IPs as Part of SystemBC Botnet Malware Family silentpush.com/blog/systembc/

Sophos: Malicious use of virtual machine infrastructure sophos.com/en-us/blog/maliciou @sophos

Tenable: LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) tenable.com/blog/google-looker @tenable #infosec #Google #Microsoft #threatresearch #zeroday #vulnerability #malware #botnet

The Spamhaus Project (spamhaus@infosec.exchange)
2026-02-04

.ru serious? 🇷🇺 ccTLD .ru had an unbelievable +3741% ⏫ in #botnet C&C domains, placing it #1 for the most abused ccTLD in the latter half of 2025. This activity can be attributed almost entirely to #clearfake, a malicious JavaScript framework.

Learn more in the Botnet Threat Update Jul - Dec 2025 ⤵️ ⤵️
spamhaus.org/resource-hub/botn

#ccTLD #BotnetCC #ThreatIntel

2026-02-01

Your attention, please. All of this is happening very fast.

#openclaw (formerly #clawdbot, then #moltbot) has a reddit-style, misnamed "social network": moltbook.com/

It will surely show up in the media, or you'll hear about it somewhere, because of the stir it is causing on the internet, but let's call it by its name: it is a #botnet. #bots are *not* sociable beings; they are still word calculators that feign intelligence.

2026-01-29

Exposed BYOB C2 Infrastructure Reveals a Multi-Stage Malware Deployment

An exposed open directory on a command and control server revealed a complete deployment of the BYOB (Build Your Own Botnet) framework. The multi-stage infection chain targets Windows, Linux, and macOS platforms, implementing seven persistence mechanisms. The malware includes extensive post-exploitation capabilities such as keylogging, packet capture, and email harvesting. Analysis uncovered a modular design with encrypted C2 communications and infrastructure reuse across multiple regions. Two nodes also hosted XMRig cryptocurrency miners, indicating additional monetization efforts. The campaign has been operational for approximately 10 months, demonstrating geographic and provider diversification in its infrastructure.

Pulse ID: 697b5776280717e17bf1db93
Pulse Link: otx.alienvault.com/pulse/697b5
Pulse Author: AlienVault
Created: 2026-01-29 12:49:58

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Email #InfoSec #Linux #Mac #MacOS #Malware #OTX #OpenThreatExchange #RAT #SMS #Windows #bot #botnet #cryptocurrency #AlienVault

2026-01-26

New, from me: Who Operates the Badbox 2.0 Botnet?

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.

krebsonsecurity.com/2026/01/wh

#infosec #botnet #IoT #Android #Google #threatresearch

A web-based control panel, allegedly for the Badbox 2.0 botnet, at the IP address 45.134.212.95. This users panel lists seven authorized users, all but one of which have email addresses ending in the Chinese email service qq.com. Two of the users on this list map directly to domains tied to the Badbox 2.0 botnet.

2026-01-23

#Kimwolf #Botnet Lurking in Corporate, Govt. Networks

A new #IoT botnet called Kimwolf has spread to more than 2 million devs, forcing infected systems to participate in massive #DDoS attacks & to relay other malicious & abusive Internet traffic. Kimwolf’s ability to scan the local networks of #compromised systems for other IoT devices to infect makes it a sobering threat to organizations…surprisingly prevalent in government and corporate networks.
#security #privacy

krebsonsecurity.com/2026/01/ki

2026-01-21

EtherRAT Targeting Windows Disguised as a Game Mod Installer

A Windows variant of EtherRAT, a JavaScript-based malware, has been discovered disguised as game mod installers. The malware uses MSI files to create and execute obfuscated scripts that decrypt and run the main payload. EtherRAT retrieves its Command and Control (C2) server addresses dynamically through Ethereum smart contracts, employing anti-analysis techniques and establishing persistence via Registry Run keys. The malware's infrastructure has been linked to the Tsundere Botnet, sharing C2 servers and smart contract similarities. Analysis revealed multiple contract addresses and wallet addresses associated with the attacker, indicating an expanding and evolving operation targeting both Windows and Linux systems.

Pulse ID: 6970c8427c1fd561ba4d962a
Pulse Link: otx.alienvault.com/pulse/6970c
Pulse Author: AlienVault
Created: 2026-01-21 12:36:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Java #JavaScript #Linux #Malware #OTX #OpenThreatExchange #RAT #Windows #bot #botnet #AlienVault

The Spamhaus Project (spamhaus@infosec.exchange)
2026-01-21

XWorm 🪱 slithers up three spots to rank #6, with a +118% ⏫ increase in #botnet C&Cs between July and December 2025—now the 3rd most observed Remote Access Trojan (RAT).

Get the full list and read the FREE report here 🔎
spamhaus.org/resource-hub/botn

#Malware #BotnetCC #ThreatIntel

Malware Associated with Botnet C&Cs | Jul - Dec 2025 | Xworm +118%

2026-01-20

New, from me: The Kimwolf Botnet is Lurking in Corporate, Govt. Networks

A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.

krebsonsecurity.com/2026/01/ki

#botnet #infosec #IoT #DDoS #threatresearch #malware

An illustration showing the head of a robot with arrows pointing down to two computer screens below. The robot's head has antennae sticking out diagonally from the top of its square head, almost resembling a TV box.

2026-01-19

Analyzing React2Shell Threat Actors

This report analyzes the exploitation of CVE-2025-55182, known as React2Shell, a critical vulnerability in React Server Components. It examines various attack payloads, including credential harvesters, reverse shells, and botnet loaders. The analysis reveals rapid weaponization of the vulnerability, with attackers employing sophisticated techniques like fileless downloaders, raw TCP stagers, and creative use of framework errors. The report also highlights the top 10 exploited CVEs for December, with React2Shell quickly rising to the second most targeted vulnerability. Key indicators of compromise and recommended mitigation strategies are provided to help organizations defend against these threats.

Pulse ID: 696b8bd46b346ef957af57ad
Pulse Link: otx.alienvault.com/pulse/696b8
Pulse Author: AlienVault
Created: 2026-01-17 13:17:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #TCP #Vulnerability #bot #botnet #AlienVault

Teddy / Domingo (🇨🇵/🇬🇧) TeddyTheBest@framapiaf.org
2026-01-14

Your #box may be feeding a #botnet, and this free tool lets you check. For months we have been told to update our boxes, #routeurs (routers) and connected devices to avoid #botnets, without always being told how to check whether we are already hosting a #bot. GreyNoise tries to provide an answer with #IPCheck, a free online tool.
clubic.com/actualite-594979-vo

Teddy / Domingo (🇨🇵/🇬🇧) TeddyTheBest@framapiaf.org
2026-01-14

#GoBruteforcer Botnet Targets 50K-plus #Linux Servers. Researchers detailed a souped-up version of the GoBruteforcer #botnet that preys on #servers with weak credentials and #AI-generated configurations.
darkreading.com/threat-intelli

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2026-01-13

#CheckPoint Research observed #GoBruteforcer, a modular #Go #botnet brute-forcing #Linux servers running #phpMyAdmin, #MySQL, #PostgreSQL and #FTP. Campaigns exploit AI-generated server deployments that propagate common usernames and weak defaults. The botnet converts hosts into scanners and credential harvesters, with crypto-focused runs stealing funds and expanding access through backdoors and IRC-based control.

research.checkpoint.com/2026/i
