BleepingComputer reports that the Medusa distributed denial-of-service botnet has reemerged with a new Mirai-based variant, which is being pegged as a malware-as-a-service for DDoS.
Ransomware functionality has been added to the new Medusa variant, which can now search all directories for various file types, particularly documents and vector design files, and encrypt them with 256-bit AES, according to a report from Cyble.
However, the encryption process was found to be flawed: the botnet effectively serves only as a data wiper, deleting all encrypted files within 24 hours. Researchers noted that the issue indicates the new Medusa botnet is still under development. The botnet gathers system information and does not steal user data prior to encryption.
The new Medusa strain also contains a brute forcer aimed at compromising Telnet services, but the final payload was discovered to have incomplete support for particular commands.