First-ever malware strain spotted abusing new DoH (DNS over HTTPS) pro

Security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first ever malware strain seen abusing the DNS over HTTPS (DoH) protocol.


The malware, named Godlua, was detailed in a report published on Monday by the company's researchers.


According to the Netlab team, Godlua is a malware strain written in Lua, which acts like a backdoor on infected systems.


It's written to work on Linux servers; attackers are using a Confluence exploit (CVE-2019-3396) to infect outdated systems, and early samples uploaded on VirusTotal have mislabeled it as a cryptocurrency miner.


But Netlab researchers say the malware actually works as a DDoS bot and they've already seen it being used in attacks, with one aimed against liuxiaobei.com, the homepage of a Liu Xiaobei fan site...



  • Like 3


I hope users notice this is designed to attack Linux-based systems. Sadly, some think if they switch to Linux, they are safe. That is not true.

  • Like 1
