Endpoint/Device Security

AVrecon botnet linked to SocksEscort proxy service

Threat actors have used the AVrecon botnet malware, which was initially reported by Lumen Black Lotus to have been compromising small office/home office routers, to support the SocksEscort malware proxy service, which allows renting of hacked devices for location concealment, The Hacker News reports. Such attribution was based on the connection between AVrecon's command-and-control servers and the SocksEscort proxy service, according to a report from KrebsOnSecurity and Spur.us. Shell spawning on compromised machines is also possible with AVrecon, which could result in malicious traffic obfuscation and additional malware retrieval. "While these bots are primarily being added to the SocksEscort proxy service, there was embedded functionality within the file to spawn a remote shell. This could allow the threat actor the ability to deploy additional modules, so we suggest that managed security providers attempt to investigate these devices in their networks, while home users should power-cycle their devices," said researchers.

Related

UK cracks down on default passwords for smart devices

The UK has become the first country worldwide to prohibit Internet of Things device manufacturers from using default usernames and passwords in their products following the approval of the Product Security and Telecommunications Infrastructure act, which seeks to bolster smart device cybersecurity, The Hacker News reports.

Novel Wpeeper Android malware examined

BleepingComputer reports that hacked WordPress sites have been used as relay command-and-control servers by the novel Wpeeper Android malware, which has been spread via a pair of app stores impersonating the Uptodown App Store and is believed to have already compromised thousands of Android devices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.