Xlab Profile
Xlab

@Xlab_qax

Followers: 594
Following: 0
Media: 10
Statuses: 37

Xlab at Qianxin

Beijing
Joined October 2023
@Xlab_qax
Xlab
21 days
RT @TuringAlex: 🚨 #IOC #Backdoor Identified low-detection #ELF samples on VT with a VMP-like shell, 🤔. Analysis of the dumped config confi….
@Xlab_qax
Xlab
21 days
RT @TuringAlex: 🚨#APT #Higaisa Another intriguing discovery was the file 91f0ebb41949f14d16f1c70a4086cb45 utilized #AppImage as a "packing….
@Xlab_qax
Xlab
27 days
#XLAB's Analysis Report on the RapperBot Botnet with Over 50,000 Bots
@Xlab_qax
Xlab
27 days
Observing Iran's Network Fluctuations Through XLAB Passive DNS Data
@Xlab_qax
Xlab
28 days
Pickai is a lightweight backdoor written in C++, designed to support remote command execution and reverse shell access. It is currently infecting the AI workflow management framework ComfyUI. #XLAB
@Xlab_qax
Xlab
28 days
RT @TuringAlex: #IOC @rubick_ai Your servers are pwned! Attackers are leveraging them to serve up downloads for the #PickAI #backdoor. Th….
@Xlab_qax
Xlab
2 months
At Botconf 2025, we have two talks, come and see! #xlab
@Xlab_qax
Xlab
2 months
Last week, KrebsOnSecurity was hit by a massive DDoS attack peaking at 6.3 Tbps. Reports suggest that the attack may be linked to the Airashi botnet. Observations from #XLAB confirm that the Airashi botnet was indeed involved, with the attack occurring in the UTC+8 time zone.
@Xlab_qax
Xlab
4 months
RT @TuringAlex: 🚨#Speculoos #Backdoor 3db8e26f059e8b1fd3bbb96c052cfe4a belongs to #APT41 #WINNTI, has stayed undetected since 2023.04.23.….
@Xlab_qax
Xlab
5 months
Our latest blog dives into a new variant of the #Vo1d #botnet. C2 sinkhole data reveals it has infected 1.6M Android TVs across 200+ countries. Now leveraging RSA, its network can remain secure even if researchers register DGA C2s.
@Xlab_qax
Xlab
6 months
Evolved from AISURU, AIRASHI uses a 0DAY cnPilot router vulnerability for spreading, employs advanced encryption for C2 comms, and has stable T-level DDoS attack capabilities. The botnet also mocks XLAB and security researchers with its C2 domain names
@Xlab_qax
Xlab
6 months
RT @TuringAlex: 🚨Initially thought to be a new #IOCONTROL sample from Germany on VT, turned out to be a UPX magic tweak—"ABC!" to "GBC!". D….
@Xlab_qax
Xlab
6 months
Our latest blog on the #Gayfemboy botnet, a unique and aggressive variant of Mirai that has been active since February 2024. It leverages a 0-day exploit to target IoT devices and has over 15,000 daily active nodes (we registered the C2 domain).
@Xlab_qax
Xlab
7 months
Our latest blog: Glutton: A Zero-Detection PHP Backdoor, APT group Winnti is using this stealthy malware to infiltrate and exploit mainstream PHP frameworks—targeting cybercriminals themselves.
@Xlab_qax
Xlab
8 months
Our team has discovered a zero-detection variant of the Melofee backdoor, linked to the Winnti group, targeting RHEL 7.9 systems.
@Xlab_qax
Xlab
10 months
Our latest blog: Darkcracks, a sophisticated, high-persistence, and highly stealthy payload delivery and upgrade framework with 0 VT detection. Some infrastructure, such as Brazil's public transportation system and prison visitor systems, has been exploited.
@Xlab_qax
Xlab
11 months
Our latest blog: Steam was hit by a major DDoS attack during peak playtime for Black Myth: Wukong. The AISURU botnet, claiming up to 2 Tbps attack power, was the main culprit. It seems someone wanted to spoil the fun for Wukong players.
@Xlab_qax
Xlab
11 months
We’ve published a quick overview of the recent DDoS attack that disrupted the Trump-Musk livestream on X. See details here.
@Xlab_qax
Xlab
11 months
Apparently a whole bunch of DDoS botnets are launching attacks at X, starting from about 2 hours ago.