DDoS-for-Hire Operation Exposed: How an Operator's Debug Build Unraveled a Commercial Game-Server Botnet

An exposed open directory on a Netherlands-hosted server revealed the complete operational toolkit of xlabs_v1, a Mirai-derived IoT botnet operated by an actor using the handle Tadashi. The operation provides DDoS-for-hire services specifically targeting game servers and Minecraft hosts through 21 distinct flood attack variants. The botnet exploits Android Debug Bridge (ADB) on TCP/5555 to compromise over 4 million potentially vulnerable IoT devices including Android TV boxes, smart TVs, and routers. The operation features bandwidth profiling to price-tier infected devices, ChaCha20 string encryption with cryptographic weaknesses, and competitor-eradication routines. Infrastructure analysis consolidated the entire operation within a single bulletproof /24 netblock in the Netherlands, with co-located cryptojacking infrastructure also identified.

Pulse ID: 69f25f09e5c3a33611f7cb16
Pulse Link: https://otx.alienvault.com/pulse/69f25f09e5c3a33611f7cb16
Pulse Author: AlienVault
Created: 2026-04-29 19:42:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #ChaCha20 #CryptoJacking #CyberSecurity #DDoS #DoS #Encryption #InfoSec #IoT #Minecraft #Mirai #OTX #OpenThreatExchange #RAT #TCP #TheNetherlands #bot #botnet #AlienVault

@sirfharu I reported that coinbase (crypto spam) and blocked it as well on my end. The one in your neighbourhood post.
When did Mastodon start to have these spammers? No place they seem to have spared.
#banspam #cryptojacking #spam
@masto.social

Security vulnerability at Upbit

More than 30 million USD in Solana tokens stolen from crypto exchange.

Compliance Essentials GmbH

Security vulnerability at Balancer Labs

Hacker attack on DeFi protocol: 120 million dollars stolen.

Compliance Essentials GmbH

Hackers are hijacking corporate #XWiki servers using flaw CVE-2025-24893 to install cryptominers and gain full server access. Patch now. 🔒

Read: https://hackread.com/hackers-hijack-xwiki-servers-crypto-mining/

#CyberSecurity #RCE #Cryptojacking #XWiki #InfoSec

Hackers Hijack Corporate XWiki Servers for Crypto Mining

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Node Package Manager (NPM): Security incident

Supply chain attack: developer account distributes malware.

Compliance Essentials GmbH

Steam users: Security incident

Game as Trojan horse: malware hidden in game.

Compliance Essentials GmbH

⚠️ LunoBotnet: A modular Linux botnet with cryptomining + DDoS-for-hire.
✔️ Self-healing watchdogs
✔️ System binary replacement
✔️ Targets Roblox, Minecraft, Valve
✔️ Markets services via Telegram
Experts call it a criminal infrastructure platform for long-term monetization.

💬 How do you rate the detection difficulty here? Follow @technadu for analysis.

#Cyble #LunoBotnet #LinuxMalware #Cryptojacking #DDoS #Botnet #SelfHealing #Malware #CyberThreatIntel

Misconfigured Docker APIs are a hacker’s gateway to secret crypto-mining—thanks to Tor, stopping them is tougher than ever. Is your cloud truly secure?

https://thedefendopsdiaries.com/securing-docker-apis-navigating-the-threat-landscape/

#dockersecurity
#cybersecurity
#cloudsecurity
#cryptojacking
#tor

Watch Out: A new malware is hijacking Windows Character Map to mine #crypto on a targeted device, exposing risks of attacks in everyday software processes.

Read: https://hackread.com/new-malware-uses-windows-character-map-cryptomining/

#CyberSecurity #Malware #Cryptomining #Cryptojacking #Windows

New Malware Uses Windows Character Map for Cryptomining
