First-ever malware strain spotted abusing new DoH (DNS over HTTPS) pro


securitybreach

Security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first ever malware strain seen abusing the DNS over HTTPS (DoH) protocol.

 

The malware, named Godlua, was detailed in a report published on Monday by the company's researchers.

 

According to the Netlab team, Godlua is a malware strain written in Lua, which acts like a backdoor on infected systems.

 

It's written to work on Linux servers, attackers are using a Confluence exploit (CVE-2019-3396) to infect outdated systems, and early samples uploaded on VirusTotal have mislabeled it as a cryptocurrency miner.

 

But Netlab researchers say the malware actually works as a DDoS bot and they've already seen it being used in attacks, with one aimed against liuxiaobei.com, the homepage of a Liu Xiaobei fan site...........

 

https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/


I hope users notice this is designed to attack Linux-based systems. Sadly, some think if they switch to Linux, they are safe. That is not true.
