{"id":2901,"date":"2024-03-29T13:06:20","date_gmt":"2024-03-29T18:06:20","guid":{"rendered":"https:\/\/www.darkreading.com\/endpoint-security\/themoon-malware-rises-malicious-botnet-for-hire"},"modified":"2024-03-29T13:06:20","modified_gmt":"2024-03-29T18:06:20","slug":"themoon-malware-rises-again-with-malicious-botnet-for-hire","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/03\/29\/themoon-malware-rises-again-with-malicious-botnet-for-hire\/","title":{"rendered":"TheMoon Malware Rises Again with Malicious Botnet for Hire"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/bltf0d27632c4790c49\/6606fe722485e75aa7d53a81\/moon-Design_Pics_Inc-Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">After disappearing for several years, TheMoon has returned with a botnet army around 40,000 strong, made up of hijacked small office\/home office (SOHO) devices and available for hire as a proxy service for cybercriminals looking to obscure the origin of their traffic.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" 
data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/endpoint-security\/feds-confirm-remote-killing-volt-typhoon-soho-botnet\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">cybercrime botnet<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> service, called Faceless, costs less than a dollar per day, according to the researchers at Lumen Technologies&#8217; Black Lotus Labs, who are warning about the return of TheMoon after the malware group disappeared in 2019 and then reemerged in 2023. By the beginning of 2024, TheMoon had amassed bots from across 88 countries to operate its Faceless service.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;We believe these cybercriminals [using Faceless] are using these networks to steal data and information from their victims, including the financial sector,&#8221; Mark Dehus, senior director of threat intelligence at Lumen Black Lotus Labs, said in a statement. 
&#8220;<\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/blog.lumen.com\/the-darkside-of-themoon\/\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">TheMoon malware<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> is a serious threat not only to the owners of the compromised SOHO devices, but also the victims exploited through this anonymous proxy network.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">John Gallagher, vice president of Viakoo Labs at&nbsp;Viakoo, noted that the types of endpoints that TheMoon looks to bring to the dark side are something of sitting ducks.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;IoT devices are designed to be &#8216;set it and forget it,&#8217; leading to their being favored by threat actors even if they are not end of life (they are likely to be unmanaged and not updated),&#8221; he said in an emailed statement. 
&#8220;This is a much bigger issue for enterprises than consumers.&nbsp;The operators of IoT devices are often cost centers, and there&#8217;s an incentive to not replace equipment unless it isn\u2019t functional anymore.&nbsp;Enterprises offer vast fleets of IoT devices for threat actors to leverage for DDoS and other attack vectors.&#8221;&nbsp;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/endpoint-security\/themoon-malware-rises-malicious-botnet-for-hire\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>After disappearing for several years, TheMoon has returned with a<\/p>\n","protected":false},"author":12,"featured_media":2902,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-2901","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?fit=2560%2C1707&ssl=1",2560,1707,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?fit=300%2C200&ssl=1",300,200,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?fit=640%2C427&ssl=1",640,427,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?fit=640%2C427&ssl=1",640,427,true],"1536x1536":["ht
tps:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?fit=1536%2C1024&ssl=1",1536,1024,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?fit=2048%2C1365&ssl=1",2048,1365,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?fit=1024%2C683&ssl=1",1024,683,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category 
tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/themoon-malware-rises-again-with-malicious-botnet-for-hire-scaled.jpg?fit=2560%2C1707&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2901","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2901"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2901\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/2902"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2901"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2901"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2901"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}