Cybercrime: here comes HinataBot, a new Go-based DDoS botnet
Here comes HinataBot, a new Go-based DDoS botnet. Akamai cybersecurity experts: the malware uses protocols such as HTTP and UDP to send traffic
HinataBot is a new Go-based, DDoS-focused botnet operating in the wild. Akamai cybersecurity experts discovered it. The malware was seen being distributed during the first three months of 2023 and is being actively updated by its authors/operators. The sample was discovered in HTTP and SSH honeypots, where it abused old vulnerabilities and weak credentials. Infection attempts observed include exploitation of the miniigd SOAP service on Realtek SDK devices (CVE-2014-8361), Huawei HG532 routers (CVE-2017-17215), and exposed Hadoop YARN servers (CVE N/A). HinataBot employs various methods of communication, including both dialing out and listening for incoming connections, and has been observed with distributed denial-of-service (DDoS) flooding attacks that use protocols such as HTTP, UDP, TCP, and ICMP to send traffic. In the latest version, however, it has narrowed its attack methods to HTTP and UDP only.