Ebury Botnet Expanding: Malware Steals Cryptocurrency
The operators of Ebury have diversified their illicit activities to include spam distribution, web traffic redirection, credential theft, and notably, cryptocurrency theft.
ESET Research has revealed that the Ebury botnet, a powerful malware campaign targeting servers, remains active and is still expanding. Originally identified as a server-side backdoor, Ebury has compromised approximately 400,000 Linux, FreeBSD, and OpenBSD servers, with over 100,000 still affected as of late 2023. The operators of Ebury have diversified their illicit activities to include spam distribution, web traffic redirection, credential theft, and notably, cryptocurrency theft. The botnet continues to pose a significant challenge to cybersecurity, affecting a wide range of victims worldwide, including ISPs, universities, and cryptocurrency traders.