Medusa botnet returns as a Mirai-based variant with ransomware sting


A new version of the Medusa DDoS (distributed denial of service) botnet, based on Mirai code, has appeared in the wild, featuring a ransomware module and a Telnet brute-forcer.

Medusa is an old malware strain (not to be confused with the same-name Android trojan) that has been advertised in darknet markets since 2015 and later added HTTP-based DDoS capabilities in 2017.

Cyble has told BleepingComputer that the new variant it spotted in the wild is a continuation of that old malware strain. Its newest version is based on the leaked source code of the Mirai botnet, inheriting its Linux targeting capabilities and extensive DDoS attack options.

Moreover, Medusa is now promoted as a MaaS (malware-as-a-service) for DDoS or mining via a dedicated portal. It promises service stability, client anonymity, support, an easy-to-use API, and adjustable cost based on specific needs.
