Cybersecurity researchers warn of the constant risks provided by distributed malicious software refusal (DDOS) XorddosFrom 71.3 percent of the attacks between November 2023 and February 2025, sent to the US.
“From 2020 to 2023, Trojan Xorddos has increased significantly in prevalence,” Cisco Talos Joey researcher – Note In the Thursday analysis.
“This trend is not only due to the widespread global distribution of the Triana XordDOS, but also to the impact on the malicious DNS-related and control (C2).
Almost 42 percent of compromised devices are located in the US, then Japan, Canada, Denmark, Italy, Morocco and China.
XordDos is a well-known malicious software that has the results of bright Linux systems for over ten years. In May 2022 Microsoft report A significant surge of XordDOS activity, with infections opening the path to malware for cryptocurrency mining, such as tsunami.
The primary original access path provides for safe shells (SSH) to get valid SSH credentials and then download and install malicious software on vulnerable IoT and other internet -related devices.
After successful installation, the malicious software creates persistence using a built -in initialization script and Cron’s assignment to run automatically when running the system. It also uses the XOR “BB2Fa36AAAAAAA9541F0” key to decrypt the configuration that is present inside itself to get the IP -ADRAPS required to communicate C2.
Thalas said it was observed in 2024. The new version of the XordDos Current, called VIP -versionAnd its relevant central controller, as well as a builder indicating that the product is probably advertised for sale.
The Central Controller is responsible for managing several XordDOS -controlled XordDos and at the same time sending DDOS commands. Each of these undercurrent, in turn, is commanding botnet infected devices.
“The settings of the multilayer controller, the Builder XordDOS and the controller’s tie are strongly indicating that operators are Chinese,” Chen said.
