Botnets | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser ( MitB ) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA). The kit is sold on Telegram forums for anywhere between €200 ($234) and €300 ($351). The kit, according to Zscaler ThreatLabz researchers Gladis Brinda R and Ashwathi Sasi, has been used to impersonate over 11 brands, including Disney, Netflix, DHL, and UPS. It's said to be in active development. "BlackForce features several evasion techniques with a blocklist that filters out security vendors, web crawlers, and scanners," the company said. "BlackForce remains under active development. Version 3 was widely used until early August, with versions 4 and 5 being released in subsequ...

Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. "Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware," Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed Ibrahim, Sunil Bharti, and Shubham Singh said in a technical report published today. The activity entails the exploitation of CVE-2025-3248 (CVSS score: 9.8), a missing authentication vulnerability in Langflow , a Python-based "visual framework" for building artificial intelligence (AI) applications. Successful exploitation of the flaw could enable unauthenticated attackers to execute arbitrary code via crafted HTTP requests. It was patched by Langflow in March 2025 with version 1.3.0. Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) flagg...

Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. "In a coordinated series of actions , customers of the Smokeloader pay-per-install botnet, operated by the actor known as 'Superstar,' faced consequences such as arrests, house searches, arrest warrants or 'knock and talks,'" Europol said in a statement. Superstar is alleged to have run a pay-per-install service that enabled its customers to gain unauthorized access to victim machines, using the loader as a conduit to deploy next-stage payloads of their choice. According to the European law enforcement agency, the access afforded by the botnet was used for various purposes such as keylogging, webcam access, ransomware deployment, and cryptocurrency mining. The latest action, part of an ongoing coordinated exercise called Operation Endgame , which led to the dismantling of online infrastructure associated with...

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some of the other flaws weaponized by the distributed denial-of-service (DDoS) botnet include CVE-2013-3307 , CVE-2016-20016 , CVE-2017-5259 , CVE-2018-14558 , CVE-2020-25499 , CVE-2020-8515 , CVE-2022-3573 , CVE-2022-40005 , CVE-2022-44149 , CVE-2023-28771 , as well as those impacting AVTECH IP cameras, LILIN DVRs, and Shenzhen TVT devices. "The operator of AIRASHI has been posting their DDoS capability test results on Telegram," XLab said. "From historical data, it can be observed that the attack capacity of the AIRASHI botnet remains stable around 1-3 Tbps." A majority ...

A group of cyber criminals has infected as much as 1 Million computers around the world over the past two years with a piece of malware that hijacks search results pages using a local proxy. Security researchers from Romania-based security firm Bitdefender revealed the presence of this massive click-fraud botnet, which the researchers named Million-Machine Campaign. For those unaware, Botnets are networks of computers infected with malware designed to take control of the infected system without the owner's knowledge, potentially being used for launching distributed denial-of-service (DDoS) attacks against websites. The malware in question is known as Redirector.Paco that alone has infected over 900,000 machines around the world since its release in 2014. The Redirector.Paco Trojan infects users when they download and install tainted versions of popular software programs, such as WinRAR, YouTube Downloader, KMSPico, Connectify, or Stardock Start8. Once infected, Paco m...

Social Networking giant Facebook has just launched a new platform called ThreatExchange , which is designed to mount a coordinated defense against cybercrime. Many security professionals rely largely on manual methods for collecting, analyzing, and consuming information about latest cyber security threats such as malware and botnets . Whereas, Mark Zuckerberg's ThreatExchange is a unique social media platform where multiple organizations can sign up and share information about new threats to cyber security, new types of hacks, phishing attacks and malicious activities they may have experienced. COLLABORATE AND TAKE ACTION Facebook is currently using a threat analysis framework called " ThreatData " to discover and tackle scams and cybercrimes, but with the growth in the magnitude of cyber attacks, Facebook believes that better communication between companies could help stamp them out. " We quickly learned that sharing with one another was key to bea...

A new Cyber Crimeware kit arrived in Hacking scenes called 'PiceBOT' just like other Latin American botnets such as vOlk (Mexico) & S.A.P.Z (Peru) and  cost just $140 in underground market for Cyber criminals. Like other amazing exploit kits, the main purpose is the distribution of malware that steals financial information through local pharming attacks. Bad bots perform malicious tasks allowing an attacker to take complete control over an affected computer for the criminal to control remotely. Once infected, these machines may also be referred to as 'zombies'. Kaspersky uncovered that this kit has already been adopted by Latin American cyber criminals to target clients of major banks and so far financial bodies from Chile, Peru, Panama, Costa Rica, Mexico, Colombia, Uruguay, Venezuela, Ecuador, Nicaragua and Argentina under attack. Detected as  Trojan-Dropper.Win32.Injector , the malware having couple of dozen variants. Malware is sti...

The U.S. Department of Justice said on Tuesday that they've arrested 10 suspects from from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States involved in a global botnet operation that infected more than 11 million systems. The ring is said to have caused more than $850m in losses in one of the largest cyber crime hauls in history. Officials said international cyber crime rings linked to Butterfly (aka Mariposa) botnet, first discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims. FBI said , " Facebook's security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware. Yahos targeted Facebook users from 2010 to October 2012, a...

Antivirus company Symantec has detected a malicious campaign in which hackers managed to deceive thousands of people allegedly signed by a paid proxy service. They expose that hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. Three months ago, Symantec researchers started an investigation into a piece of malware called Backdoor.Proxybox that has been known since 2010, but has shown increasing activity recently. " The malware is Backdoor.Proxybox, and our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware author ," Symantec. The service - ProxyBox - supposedly provides access to its entire list of thousands of proxies for only $40 a month, which is obviously too cheap a price for the provider to break eve...

On-demand cloud computing is a valuable tool for companies needing temporary computing capacity without long-term investment in fixed capital. However, this same convenience makes cloud computing useful to hackers. Many hacking activities involve cracking passwords , keys, or other forms of brute force attacks. These processes are computationally intensive but highly parallelizable. Hackers have two main sources for on-demand computing: botnets made of consumer PCs and infrastructure-as-a-service (IaaS) from service providers. Both can deliver computing power on demand for brute force attacks. Botnets are unreliable and heterogeneous, taking longer to "provision." However, they are free to use and can scale to enormous sizes, with some botnets comprising hundreds of thousands of PCs. On the other hand, commercial cloud computing offers faster provisioning, predictable performance, and can be billed to a stolen credit card . The balance of power between security controls ...