#Kimwolf #Botnet Lurking in Corporate, Govt. Networks
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/
#Kimwolf #Botnet Lurking in Corporate, Govt. Networks
A new #IoT botnet called Kimwolf has spread to more than 2 million devs, forcing infected systems to participate in massive #DDoS attacks & to relay other malicious & abusive Internet traffic. Kimwolf’s ability to scan the local networks of #compromised systems for other IoT devices to infect makes it a sobering threat to organizations…surprisingly prevalent in government and corporate networks.
#security #privacy
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/
EtherRAT Targeting Windows Disguised as a Game Mod Installer
A Windows variant of EtherRAT, a JavaScript-based malware, has been discovered disguised as game mod installers. The malware uses MSI files to create and execute obfuscated scripts that decrypt and run the main payload. EtherRAT retrieves its Command and Control (C2) server addresses dynamically through Ethereum smart contracts, employing anti-analysis techniques and establishing persistence via Registry Run keys. The malware's infrastructure has been linked to the Tsundere Botnet, sharing C2 servers and smart contract similarities. Analysis revealed multiple contract addresses and wallet addresses associated with the attacker, indicating an expanding and evolving operation targeting both Windows and Linux systems.
Pulse ID: 6970c8427c1fd561ba4d962a
Pulse Link: https://otx.alienvault.com/pulse/6970c8427c1fd561ba4d962a
Pulse Author: AlienVault
Created: 2026-01-21 12:36:18
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #Java #JavaScript #Linux #Malware #OTX #OpenThreatExchange #RAT #Windows #bot #botnet #AlienVault
XWorm 🪱 slithers up three spots to rank #6, with a +118% ⏫ increase in #botnet C&Cs between July and December 2025—now the 3rd most observed Remote Access Trojan (RAT).
Get the full list and read the FREE report here 🔎
https://www.spamhaus.org/resource-hub/botnet-c-c/botnet-threat-update-july-to-december-2025/
New.
"Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic."
KrebsonSecurity: Kimwolf Botnet Lurking in Corporate, Govt. Networks https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/ @briankrebs #botnet #infosec #IoT #DDoS #threatresearch #malware
New, from me: The Kimwolf Botnet is Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/
Analyzing React2Shell Threat Actors
This report analyzes the exploitation of CVE-2025-55182, known as React2Shell, a critical vulnerability in React Server Components. It examines various attack payloads, including credential harvesters, reverse shells, and botnet loaders. The analysis reveals rapid weaponization of the vulnerability, with attackers employing sophisticated techniques like fileless downloaders, raw TCP stagers, and creative use of framework errors. The report also highlights the top 10 exploited CVEs for December, with React2Shell quickly rising to the second most targeted vulnerability. Key indicators of compromise and recommended mitigation strategies are provided to help organizations defend against these threats.
Pulse ID: 696b8bd46b346ef957af57ad
Pulse Link: https://otx.alienvault.com/pulse/696b8bd46b346ef957af57ad
Pulse Author: AlienVault
Created: 2026-01-17 13:17:08
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #TCP #Vulnerability #bot #botnet #AlienVault

For months we have been repeating that people need to update their ISP boxes, routers and connected devices to avoid botnets, without always explaining how to check whether you are already hosting a bot. GreyNoise is trying to provide an answer with IP Check, a free online tool.