More than 70,000 small office/home office (SOHO) routers have been infected by the novel AVrecon botnet over a period of more than two years, making it one of the largest botnets ever to target SOHO devices, The Hacker News reports.
AVrecon consists of 40,000 nodes across 20 countries, with the U.K., U.S., Argentina, Nigeria, and Brazil accounting for most of the infections, according to a Lumen Black Lotus Labs report. After enumerating a targeted SOHO router, AVrecon proceeds to track other malware instances and lets the compromised system communicate with another command-and-control server before enabling advertising fraud and data theft through malicious Facebook and Google ads, as well as Microsoft Outlook interactions.
"The manner of attack seems to focus predominantly on stealing bandwidth without impacting end-users in order to create a residential proxy service to help launder malicious activity and avoid attracting the same level of attention from Tor-hidden services or commercially available VPN services," said researchers.
Google announced at the Google I/O 2024 conference that several new security and privacy enhancements are set to roll out for Android, including on-device live threat detection for identifying malicious apps, improved safeguards for screen sharing, and enhanced security against cell site simulators, TechCrunch reports.
The botnet malware tracked as Ebury has steadily expanded over the past decade, having compromised over 400,000 hosts since 2009, with about 100,000 still-infected systems identified by the end of 2023, according to SecurityWeek.
The Department of Defense will evaluate the cybersecurity of mobile devices used by analysts and servicemembers as mandated in the draft text of the 2025 National Defense Authorization Act, Nextgov/FCW reports.