A crypto mining botnet operation, going for almost a year, is hijacking web shells of other hackers, according to report from Positive Technologies. Researchers have linked the source of the dangerous botnet to Neutrino gang.
Back in 2017, Neutrino (aka Kasidet) was a dangerous trojan that launched DDoS attacks, recorded keystrokes and installed malware on desktops. However, the people behind Neutrino went off the radar for a long time.
However, it appears like the group is back. And this time, its target seems to be other malware botnet’s infected hosts. According to the researchers at Positive Technologies, Neutrino has been searching the web for different types of PHP web shells to hijack.
Web shells are malicious scripts that hackers plant in web applications that they have already compromised. The purpose is to maintain persistent access to enable malicious tasks remotely.