All news with #mirai tag

Hundreds of Malware Android Apps Downloaded 42 Million

📱 Security researchers at Zscaler report a 67% year-on-year rise in Android-targeted malware after finding 239 malicious apps on Google Play that were downloaded 42 million times. The analysis covers more than 20 million mobile requests observed between June 2024 and May 2025 and highlights productivity and Tools apps as common vectors. Sectors such as manufacturing and energy were disproportionately targeted, with the energy sector seeing a 387% spike in mobile attacks.

RondoDox botnet rapidly exploits 56 n-day flaws worldwide

⚠️ RondoDox is a large-scale botnet actively exploiting 56 n-day vulnerabilities across more than 30 device types, including DVRs, NVRs, CCTV systems, routers, and web servers. Trend Micro researchers describe the campaign as using an exploit shotgun strategy, firing numerous exploits simultaneously to maximize infection despite generating noisy activity. The actor has weaponized flaws disclosed at events such as Pwn2Own and continues to expand its arsenal, including both recent CVEs and older end-of-life vulnerabilities. Recommended defenses include applying firmware updates, replacing EoL devices, segmenting networks, and removing default credentials.

GeoServer Exploits, PolarEdge, Gayfemboy Expand Cybercrime

🛡️ Cybersecurity teams report coordinated campaigns exploiting exposed infrastructure and known flaws to monetize or weaponize compromised devices. Attackers have abused CVE-2024-36401 in GeoServer to drop lightweight Dart binaries that monetize bandwidth via legitimate passive-income services, while the PolarEdge botnet and Mirai-derived gayfemboy expand relay and DDoS capabilities across consumer and enterprise devices. Separately, TA-NATALSTATUS targets unauthenticated Redis instances to install stealthy cryptominers and persistence tooling.

Resurgence of Mirai-Based IoT Malware: Gayfemboy Campaign

🛡️ FortiGuard Labs reports the resurgence of a Mirai-derived IoT malware family, publicly known as “Gayfemboy,” which reappeared in July 2025 targeting vulnerabilities in DrayTek, TP-Link, Raisecom, and Cisco devices. The campaign delivers UPX-packed payloads via predictable downloader scripts named for product families and uses a modified UPX header and architecture-specific filenames to evade detection. At runtime the malware enumerates processes, kills competitors, implements DDoS and backdoor modules, and resolves C2 domains through public DNS resolvers to bypass local filtering. FortiGuard provides AV detections, IPS signatures, and web-filtering blocks; organizations should patch and apply network defenses immediately.