DarkCrewFriends Returns with Botnet Strategy

The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information exfiltration or sabotage of an infected system.

Researchers said they observed DarkCrewFriends exploiting an unrestricted file upload vulnerability to compromise PHP servers that run websites. After compromise, a malicious PHP web shell is installed as a backdoor, which in turn sets up a connection to a command-and-control (C2) server using an Internet Relay Chat (IRC) channel, according to Check Point researchers Liron Yosefian and Ori Hamama.

Source: ThreatPost