Application security, Threat Management

Vulnerable video DVRs targeted by updated FreakOut botnet

Threat actors have updated the FreakOut Python botnet, also known as Necro or N3Cr0m0rPh, to attack vulnerable digital video recorders, BleepingComputer reports.

Researchers at Juniper Threat Labs warned that an exploit for a CVE-less vulnerability is being used to target Visual Tools DVR VX16 from, adding that successful attacks against a DVR device could enable lateral movement in internal networks, as well as the inclusion of the device to the botnet's distributed denial of service arsenal. Threat actors who are able to scan vulnerable systems will leverage the exploit to obtain access and facilitate XMRig Monero miner installation on the DVR device.

Aside from having brute-force spreading and network detecting capabilities, the FreakOut botnet also includes a domain generation algorithm leveraged in command and control, as well as download servers, according to researchers. However, the new botnet has been found to feature a DGA script injection URL and new DDoS-supporting TOR Socks proxies, but no SMB scanner, unlike older samples.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.