Microsoft on Thursday flagged a cross-platform botnet that’s primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers.
Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts.
“The botnet spreads by enumerating default credentials on internet-exposed Secure Shell (SSH)-enabled devices,” the company said in a report. “Because IoT devices are commonly enabled for remote configuration with potentially insecure settings, these devices could be at risk to attacks like this botnet.”
This also means that the malware could persist on IoT devices even after removing it from the infected source PC. The tech giant’s cybersecurity division is tracking the activity cluster under its emerging moniker DEV-1028.
A majority of the infections have been reported in Russia, and to a lesser extent in Kazakhstan, Uzbekistan, Ukraine, Belarus, Czechia, Italy, India, Indonesia, Nigeria, Cameroon, Mexico, and Columbia. The company did not disclose the exact scale of the campaign.
images from Hacker News