The Ebury Linux botnet has been expanding over the past decade, infecting over 400,000 servers and targeting cryptocurrency wallets and credit card data for financial gain.
- The Ebury botnet has infected over 400,000 hosts since 2009, targeting the servers of hosting providers for financial gain.
- The operators use zero-day vulnerabilities to compromise servers, steal cryptocurrency wallets, and eavesdrop on network traffic for credit card data.
- The malware is deployed with root privileges; the operators gain that access through credential stuffing, hypervisor access, compromised hosting providers, and SSH adversary-in-the-middle techniques.
- The botnet's operators have targeted Tor exit nodes, Bitcoin and Ethereum nodes, and other threat actors' infrastructure to steal data and perform web traffic redirection.