KashmirBlack Botnet Hits at CMS for Cryptocurrency Mining

October 27, 2020      Jafrin Ahmed

The Indonesia-based botnet KashmirBlack attacks popular content management systems (CMS) such as WordPress, Drupal, and Joomla, among others. The botnet aims to compromise CMS platforms and use their servers for cryptocurrency mining or for sending spam to victims.

Member of PhantomGhost Hacker Group Behind The Botnet

U.S.-based cybersecurity firm Imperva uncovered the highly sophisticated botnet. The botnet network is run by the hacker “Exect1337,” a member of the Indonesian hacker crew PhantomGhost. Researchers were able to link the botnet to the particular Indonesian hacking group by tracing IP addresses used during a website defacement campaign earlier this year.

Ofir Shaty, Imperva security researcher and co-author of the research, shared his view:

“This is the first time we have been able to get visibility into how exactly a botnet like this operates; an important discovery that will help the industry better understand how these nefarious groups evolve and sustain their activity.”


According to the report, KashmirBlack started operating in November 2019 and has attacked thousands of websites running platforms including WordPress, Joomla, PrestaShop, Magento, Drupal, vBulletin, OsCommerce, OpenCart, and Yeager.

Researchers at Imperva say that it is also supported by 60 other compromised content management servers as part of its malicious infrastructure.

KashmirBlack Botnet Infected Around 700 CMS Platforms Everyday

Security researchers at Imperva have estimated that KashmirBlack has infected around 700 vulnerable content management system servers each day. This implies that the botnet alone has compromised around 230,000 servers so far.

The attackers behind KashmirBlack use cloud services such as GitHub, Dropbox, and Pastebin to hide from security tools while sending out additional spam to the infected servers.

Moreover, the KashmirBlack botnet is controlled by a single command-and-control server. In March, the botnet added a crypto mining function, using XMRig malware to mine the Monero cryptocurrency. Security researchers at Imperva were able to uncover this by tracing the activity to a digital wallet.

Jafrin Ahmed

Jafrin is a cryptocurrency journalist/researcher fascinated by the world of decentralization. She is hopeful towards blockchain’s innovation and its potential to reshape the world for good. Being a HODLer she takes a keen interest in following the volatile Bitcoin charts. Currently, she is bringing out the best of cryptosphere via covering the latest ins and outs of the blockchain space.