First-ever malware strain spotted abusing new DoH (DNS over HTTPS) pro


securitybreach
Posted

Security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first ever malware strain seen abusing the DNS over HTTPS (DoH) protocol.

 

The malware, named Godlua, was detailed in a report published on Monday by the company's researchers.

 

According to the Netlab team, Godlua is a malware strain written in Lua, which acts like a backdoor on infected systems.

 

It's written to work on Linux servers, attackers are using a Confluence exploit (CVE-2019-3396) to infect outdated systems, and early samples uploaded on VirusTotal have mislabeled it as a cryptocurrency miner.

 

But Netlab researchers say the malware actually works as a DDoS bot and they've already seen it being used in attacks, with one aimed against liuxiaobei.com, the homepage of a Liu Xiaobei fan site...........

 

https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/

  • Like 3
Posted

I hope users notice this is designed to attack Linux-based systems. Sadly, some think if they switch to Linux, they are safe. That is not true.

  • Like 1
