N3Cr0m0rPh Malware Family Upgraded with New Evasive tricks

N3Cr0m0rPh Malware, also known as Necro Python, is a Python-based botnet family first discovered in 2015, with Windows systems often the initial targets.

Now both Linux and Windows devices are targeted, with active exploitation recorded at the start of 2021, when a malware campaign dubbed "FreakOut" exploited vulnerabilities in network-attached storage (NAS) devices running Linux.

It co-opts the Linux machines into a botnet used for launching DDoS (distributed denial-of-service) attacks and Monero cryptocurrency mining.

How Has the N3Cr0m0rPh Malware Family Been Upgraded with New Evasive Tricks?

According to researchers at Cisco Talos, a newly discovered malware campaign utilizes the Necro Python bot with new functionality and improved chances of running undetected on the vulnerable systems it infects.

The upgraded bot contains exploits for over 10 different web applications as well as the SMB protocol. It combines RAT-like and DDoS functionality to download and launch further payloads, and, with stealth in mind, it installs a rootkit that hides the malware's presence on the system.

Additionally, the bot injects code into HTML and PHP files stored on the infected system so that they load and execute a JavaScript-based miner from a remote server.
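A defender-side check for this behaviour, added here as an illustration and not code from the original article or from the Talos analysis: it scans HTML and PHP files for script tags that load JavaScript from hosts outside a site-specific allowlist. The allowlist, file names and file contents below are constructed assumptions, not real Necro Python artifacts.

```python
import re
from urllib.parse import urlparse

# Constructed sample web files (not real Necro Python artifacts): the first
# two are clean, the last two carry an injected remote script reference.
SAMPLE_FILES = {
    "index.html": '<html><head><script src="/js/app.js"></script></head><body>hi</body></html>',
    "about.php": '<?php echo "about"; ?><script src="https://cdn.example.com/lib.js"></script>',
    "contact.html": '<html><body><script src="http://203.0.113.10/m.js"></script></body></html>',
    "footer.php": "<?php ?><SCRIPT SRC='//198.51.100.7:8080/miner.js'></SCRIPT>",
}

# Hosts this site is expected to load scripts from (assumption: maintained per site).
ALLOWED_HOSTS = {"cdn.example.com"}

# Matches the src attribute of a <script> tag, case-insensitively, quoted or not.
SCRIPT_SRC_RE = re.compile(r'<script[^>]*\ssrc\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE)


def external_script_hosts(content):
    """Return hosts of remote <script src> references that are not allowlisted."""
    hosts = []
    for src in SCRIPT_SRC_RE.findall(content):
        # Scheme-relative "//host/path" URLs parse cleanly once given a scheme.
        url = "http:" + src if src.startswith("//") else src
        parsed = urlparse(url)
        if not parsed.netloc:  # relative path: served locally, not a remote load
            continue
        if parsed.hostname not in ALLOWED_HOSTS:
            hosts.append(parsed.hostname)
    return hosts


def scan_files(files):
    """Map each HTML/PHP file name to its unexpected remote script hosts (flagged files only)."""
    findings = {}
    for name, content in files.items():
        if not name.lower().endswith((".html", ".htm", ".php")):
            continue
        hosts = external_script_hosts(content)
        if hosts:
            findings[name] = hosts
    return findings


if __name__ == "__main__":
    for name, hosts in scan_files(SAMPLE_FILES).items():
        print(f"{name}: unexpected remote script host(s) {hosts}")
```

On a real web root the same logic would be run over files read from disk; any hit is a prompt to compare the file against a known-good copy and check when it was last modified.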

What Organizations Need to Do to Mitigate Such Malware Attacks

While the core functionality has remained the same, using IRC to communicate with the C2 server and offering commands for launching DDoS attacks, opening a backdoor, and stealing and exfiltrating data, the bot now has a greater chance of spreading to and infecting more systems.

Notably, it exploits vulnerabilities in Vesta Control Panel, VMware vSphere, SCO OpenServer, and other related products, which makes it mandatory for users to ensure that these products are up to date and to always apply patches to their devices to close off the vulnerabilities.