Threat actors have used the AVrecon botnet malware, initially reported by Lumen Black Lotus as compromising small office/home office routers, to support the SocksEscort malware proxy service, which rents out hacked devices for location concealment, The Hacker News reports.
The attribution is based on the connection between AVrecon's command-and-control servers and the SocksEscort proxy service, according to a report from KrebsOnSecurity and Spur.us. AVrecon can also spawn a shell on compromised machines, which could result in malicious traffic obfuscation and additional malware retrieval.
"While these bots are primarily being added to the SocksEscort proxy service, there was embedded functionality within the file to spawn a remote shell. This could allow the threat actor the ability to deploy additional modules, so we suggest that managed security providers attempt to investigate these devices in their networks, while home users should power-cycle their devices," said researchers.
Google announced at the Google I/O 2024 conference that several new security and privacy enhancements are set to roll out for Android, including on-device live threat detection for identifying malicious apps, improved safeguards for screen sharing, and enhanced security against cell site simulators, TechCrunch reports.
The botnet malware tracked as Ebury has steadily expanded over the past decade, having compromised over 400,000 hosts since 2009, with about 100,000 still-infected systems identified by the end of 2023, according to SecurityWeek.
The Department of Defense will evaluate the cybersecurity of mobile devices used by analysts and servicemembers as mandated in the draft text of the 2025 National Defense Authorization Act, Nextgov/FCW reports.