Cybersecurity researchers MalwareHunterTeam has uncovered a new botnet malware type it has dubbed GhostAdmin that is alive and working in the wild.
GhostAdmin allows cybercriminals to take control of a computer using an Internet Relay Chat (IRC) channel, according to BleepingComputer MalwareHunterTeam believes the new botnet is an updated version of the old CrimeScene botnet malware.
“The malware works by infecting computers, gaining boot persistence, and establishing a communications channel with its command and control (C&C) server, which is an IRC channel,” BleepingComputer wrote.
Once this is accomplished GhostAdmin accesses the IRC channel and begins to issue commands to its botnet army of infected computers.
The researchers were able to access one GhostAdmin user named Jarad who managed to infect his own computer with the malware helping MalwareHunterTeam gain access to the FTP server being used. Here they found screenshots of Jarad's computer and data from an internet cafew and an unnamed lottery company. The data stolen includes names, dates of births, phone numbers, emails, addresses, employer information.