Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The Nuke HTTP bot Malware offered for sale on a Dark Web forum

The security researchers at security firm Sixgill discovered a new malware dubbed Nuke HTTP bot offered for sale on a forum in the Dark Web. Darknets are the right places where to find illegal product and services, it is quite easy to find malicious code and also botnets of any type. On December 16th, a […]

The Nuke HTTP bot Malware offered for sale on a Dark Web forum

The security researchers at security firm Sixgill discovered a new malware dubbed Nuke HTTP bot offered for sale on a forum in the Dark Web.

Darknets are the right places where to find illegal product and services, it is quite easy to find malicious code and also botnets of any type.

On December 16th, a new malware dubbed Nuke HTTP bot was discovered by the security researchers at security firm Sixgill on a popular cybercrime forum in the dark web. The author of the malware, who goes by the moniker Gosya, claims the malicious code was developed from scratch. Nuke was offered for $4,000, a good price for such kind of commodity.

Researchers at Sixgill who analyzed the Nuke malware confirmed that the malware request a significant skill for its development. The authors of the malware implemented sophisticated features, including the ability to inject malicious code on Firefox and Chrome browsers.

Nuke is also able to get through User Account Control (UAC) and Windows Firewall executions, and it supports both 32-bit and 64-bit systems.

Nuke HTTP bot

Below the full list of featured implemented in the Nuke HTTP bot:

– SOCKS proxy module
– Formgrabber and Web-Injection module
– Remote EXE file launcher module
– Hidden VNC module for WinXP-Win10
– Rootkit for 32-Bit and 64-Bit machines
– Bot-killer – a mini anti-virus meant to remove all competing malware from the infected machine, if any are present.

The SOCKS proxy module allows the malware to retrieve data from the infected machine and send it back to the C&C server. Another interesting feature it the so-called “bot killer,” that indicated the capability of the malicious code of removing all other existing malware on the target machine.

The malicious code is very small in size, just 83kb when uncompressed.

“Nuke HTTP Bot boasts a fairly small file size of just 83kb uncompressed, and 54kb compressed. The detection rate at the moment of writing this article is extremely low as well. Gosya presented evidence supporting the fact the malware is currently undetected by mainstream AV engines.” reads the analysis published by Sixgill.

Researchers at Sixgill are monitoring the diffusion of the Nuke HTTP bot in the wild and are supporting law enforcement in the investigation.

“A test version was already found in the wild by Netscout’s Arbor Networks. The author went on and mentioned that he is aware of it. The analyzed variation was a test version of the malware. The current version, according to Gosya, has much of the inner workings changed since Arbor’s report was published.” states the report.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Nuke HTTP bot, Dark web)