CYBER NEWS

JenX Botnet Recruits Devices Via Grand Theft Auto Servers


Computer security experts have reported the discovery of a new malware threat called the JenX botnet, which uses a very unusual distribution tactic. Instead of relying on standard email messages, it abuses one of the most popular video games, Grand Theft Auto, as well as IoT devices.


JenX Botnet Discovery and Infiltration Tactics

A new worldwide botnet infection has been reported by the security community. The new threat is called the JenX botnet and features a highly unusual infiltration mechanism. According to the code analysis, it takes advantage of several vulnerabilities that affect certain popular router models made by Huawei and Realtek. These are among the biggest network equipment manufacturers, and such models are usually bought by Internet Service Providers (ISPs) and handed out to customers. This means that potentially thousands or even millions of devices can fall victim to the automated exploitation. The two vulnerabilities are tracked in the following security advisories:

  • CVE-2014-8361 — The miniigd SOAP service in the Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.
  • CVE-2017-17215 — Huawei HG532 remote code execution vulnerability.
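As an added defensive example (not code from the article or from the researchers), the following Python flags request-log records shaped like the two exploits above. The UPnP ports, the /ctrlt/DeviceUpgrade_1 path and the NewStatusURL field used for the Huawei bug are assumptions taken from public write-ups, and the log lines are constructed.

```python
"""Flag SOAP requests shaped like the two router exploits named above. Added
example, not code from the article or the researchers; the ports, the
/ctrlt/DeviceUpgrade_1 path and the NewStatusURL field are assumptions."""
import ipaddress
import re
from collections import namedtuple

Request = namedtuple("Request", "src dst_port path body")

# Constructed log format: "<src> <dst_port> <path> | <soap body>"
def parse_line(line):
    head, _, body = line.partition(" | ")
    src, port, path = head.split()
    return Request(src, int(port), path, body.strip())

SHELL_META = re.compile(r"[;`|&$]")  # never valid in an IP address or plain URL

def _tag(body, tag):
    m = re.search(rf"<{tag}>(.*?)</{tag}>", body, re.S)
    return m.group(1).strip() if m else None

def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def classify(req):
    hits = []
    # CVE-2014-8361: miniigd expects NewInternalClient to be an IP address, so any other value is crafted
    client = _tag(req.body, "NewInternalClient")
    if client is not None and not _is_ipv4(client):
        hits.append("CVE-2014-8361")
    # CVE-2017-17215 (assumed path and field): NewStatusURL should be a URL, never shell syntax
    url = _tag(req.body, "NewStatusURL")
    if req.path == "/ctrlt/DeviceUpgrade_1" and url and SHELL_META.search(url):
        hits.append("CVE-2017-17215")
    return hits

SAMPLE_LOG = [  # constructed records using RFC 5737 documentation addresses
    "203.0.113.5 52869 /picsdesc.xml | <NewInternalClient>192.168.1.20</NewInternalClient>",
    "203.0.113.9 52869 /picsdesc.xml | <NewInternalClient>192.168.1.20;echo pwned</NewInternalClient>",
    "198.51.100.7 37215 /ctrlt/DeviceUpgrade_1 | <NewStatusURL>$(echo pwned)</NewStatusURL>",
    "198.51.100.8 37215 /ctrlt/DeviceUpgrade_1 | <NewStatusURL>http://203.0.113.1/fw.bin</NewStatusURL>",
]

def scan(lines):
    # (source address, matched CVE ids) for every record that looks like an exploit attempt
    return [(r.src, classify(r)) for r in map(parse_line, lines) if classify(r)]
```

Run `scan(SAMPLE_LOG)` to see which of the constructed records would raise an alert; only the two with shell syntax in the SOAP field do.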

It is interesting to note that both weaknesses are taken from the Satori botnet. The snippets were identified in public posts made by the hacker known under the alias Janit0r, who is the author of BrickerBot. According to the research, the botnet is designed specifically to target gaming providers, clubs and gamers.

The malware code infiltrates the servers that power the games and, as a result, infects the client machines as well. The link with the Grand Theft Auto game comes from the fact that the compromised servers hosting the JenX botnet also host the game. Such tactics are particularly effective because gaming servers are known for their performance and network connectivity.

This is a follow-up upgrade from base botnets like Mirai, whose intrusion strategy was to probe for default credentials. Once the malware has compromised the target device, it can change the account credentials and lock the owners out. Second-generation botnets like Satori rely on firmware vulnerabilities instead, which makes them much more effective against potential targets. Most IoT devices never receive critical security updates, either because software support has ended or because of owner negligence. Exploits can be triggered easily using automated platforms, which makes it easy even for beginners to use them in their attack schemes.

The JenX Botnet and the Gaming Servers Connection

One of the proposed reasons why the malware targets gaming servers is that they are frequently rented by whole groups or used in tournaments. Once the malware code has infected the server itself, it can be used to spread viruses to the connected clients through the video games themselves, which usually have built-in chat features that can be abused.

Using social engineering tactics, the criminals can opt to deliver additional malware through links posted in the chat software. These can be disguised as service messages such as password reset links, notifications and so on.

In other cases the victims can be redirected to malware sites that include phishing elements. Instead of delivering executable files, the criminals attempt to trick users into entering their account credentials on impostor sites. The criminals usually copy the graphics and text of web services and social networks, which are among the most widely visited sites. In recent years these scams have become so advanced that it is sometimes hard to tell the fake from the legitimate service. The criminals not only mimic almost the same visual identity, but also obtain signed security certificates and establish a secure connection under names that bear a striking resemblance to the real ones.


JenX Botnet Infection Capabilities

The researchers note that the botnet is particularly dangerous because it integrates an advanced stealth protection module that aims to hide the threat from security software and analysis. Such techniques are also bundled into advanced ransomware samples, where the infection engine looks for sandbox or debugging environments, virtual machines and anti-virus products; these can be either disabled or removed. The malware can also be instructed to delete itself if it is unable to bypass the security protection. Such steps can also be integrated into the JenX botnet via script commands. The hackers were found to distribute JenX builds compatible with MIPS, ARM and x86, which are the most popular platforms.

The hacker operators seek to silently infiltrate both commercial and private servers. It is interesting to note that wide platform support appears to be an important factor for them. The criminal community behind the attacks seems to use a centralized server which acts as the primary malware platform; the operators load the exploits along with other custom scripts onto it to execute the follow-up stages of infection.

The infiltrated sites offer access to modded Grand Theft Auto San Andreas servers for $16, and TeamSpeak servers are sold for $9. For $20 more, the buyers can use the compromised servers for controlled DDoS attacks against single targets. The reports indicate that the peak network throughput can be 290 or 300 Gbps. At the moment the impact caused by the JenX botnet is limited to minor disruption among local gamers; it can be used to sabotage Grand Theft Auto tournaments and group play.

The experts note that if the centralized servers can be taken down, the whole platform can fail. It is presumed that the threat may be updated in future versions to use a decentralized approach; recent infections have been found to use a P2P approach, which is harder to mitigate.

We recommend that all users scan their systems for active infections and protect themselves from incoming threats by using a quality anti-spyware solution.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast, he enjoys writing about the latest threats and mechanisms of intrusion.
