Threat actors have updated the FreakOut Python botnet, also known as Necro or N3Cr0m0rPh, to attack vulnerable digital video recorders, BleepingComputer reports.
Researchers at Juniper Threat Labs warned that an exploit for a CVE-less vulnerability is being used to target Visual Tools DVR VX16 188.8.131.52 from visual-tools.com, adding that successful attacks against a DVR device could enable lateral movement in internal networks, as well as the inclusion of the device to the botnet's distributed denial of service arsenal. Threat actors who are able to scan vulnerable systems will leverage the exploit to obtain access and facilitate XMRig Monero miner installation on the DVR device.
Aside from having brute-force spreading and network detecting capabilities, the FreakOut botnet also includes a domain generation algorithm leveraged in command and control, as well as download servers, according to researchers. However, the new botnet has been found to feature a DGA script injection URL and new DDoS-supporting TOR Socks proxies, but no SMB scanner, unlike older samples.