‘Outlaw’ threat actor uses Shellbot variant to form new botnet

[silversurfer]

An unknown threat actor has been targeting organizations with botnet malware that communicates with its command-and-control server via the Internet Relay Chat application layer protocol.

Nicknamed Outlaw, the hacking group developed the botnet as a Perl language-based variant of Shellbot, according to a Nov. 1 blog post from Trend Micro, whose researchers uncovered the threat. Shellbot is a trojan horse malware that’s typically installed on computers via the Shellshock Unix Bash shell vulnerability that was found back in 2014.

In this case, however, the Perl Shellbot attackers are instead infecting victims via a command injection vulnerability that’s commonly found on IoT devices and Linux servers, but can also affect Windows environments and Android devices. They are also distributing the malware through previously brute-forced or compromised hosts, Trend Micro notes.

Source: https://www.scmagazine.com/home/security...ew-botnet/