BleepingComputer reports that the Medusa distributed denial-of-service botnet has reemerged with a new Mirai-based variant, which is being pegged as a malware-as-a-service for DDoS.
Ransomware functionality has been added to the new Medusa variant, which has gained the capability to search all directories for various file types, particularly documents and vector design files, which are then encrypted through AES 256-bit encryption, according to a report from Cyble.
However, the data encryption process was found to be flawed, with the botnet only serving as a data wiper that deletes all encrypted files within 24 hours. Researchers noted that the issue indicates the ongoing development of the new Medusa botnet, which gathers system information and does not steal user data prior to encryption.
The new Medusa strain also contains a brute forcer aimed at compromising Telnet services, but the final payload was discovered to have incomplete support for particular commands.