Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

By Waqas Dubbed “MCCrash” by Microsoft, the DDoS botnet is currently targeting private Minecraft servers globally. This is a post from HackRead.com Read the original post: Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

HackRead
#mac#windows#google#microsoft#linux#ddos#dos#botnet#ssh

According to Microsoft, this is an unusual DDoS botnet boasting a unique design that lets it infiltrate Linux systems despite the malware being downloaded from Windows devices.

Remember when, earlier in January this year, a massive DDoS attack targeted a Minecraft event, which took down the internet service of the entire country of Andora? Well, now, a new threat has surfaced, whose target is, yet again, Minecraft servers.

Microsoft has published a warning about a cross-platform botnet designed to launch DDoS attacks (distributed denial of service attacks) against private Minecraft servers.

MCCrash botnet targets users in Russia, Belarus, Czechia, Ukraine, Uzbekistan, Italy, Nigeria, India, Cameroon, Indonesia, Columbia, and Mexico. Microsoft is tracking the botnet’s activities under the moniker DEV-1028.

MCCrash Capabilities

According to Microsoft researchers David Atch, Maayan Shaul, Mae Dotan, Yuval Gordon, and Ross Bevington, this is an unusual botnet boasting a unique design that lets it infiltrate Linux systems despite the fact that the malware is downloaded from Windows devices.

When the malware is removed from the infected device, the MCCrash mechanism allows it remains persistent on the unmanaged IoT devices connected to the network and keep operating.

How Does MCCrash Spread?

MCCrash spread by numbering default credentials on internet-exposed SSH (secure shell) enabled devices. Since IoT devices are usually designed for remote configuration with insecure settings, these devices can be at risk of botnet attacks.

Microsoft didn’t disclose the exact scope of this campaign. The company noted that the botnet’s initial infection point is an array of compromised machines, which it infected using cracking tools that promise illegal Windows licenses. The software then executes a Python payload containing the core features of the botnet.

This includes scanning for SSH-enabled Linux devices to launch a dictionary attack. When the Linux host is breached through the propagation method, the same Python payload runs DDoS commands, one of which attacks explicitly Minecraft servers and crashes them. Microsoft claims it is highly effective and could be offered as a service on hacking forums.

Screenshot 1 shows cracking tools used to spread the DDoS botnet – Screenshot 2: The DDoS botnet attack flow (Credit: Microsoft)

“This type of threat stresses the importance of ensuring that organizations manage, keep up to date, and monitor not just traditional endpoints but also IoT devices that are often less secure,” Microsoft’s blog post noted.

  1. Minecraft declared the most malware-infected game
  2. Malware-infected Minecraft modpacks hit Google Play Store
  3. RapperBot malware targets gaming servers with DDoS attacks
  4. 50,000 Minecraft users infected with hard drive wiping malware
  5. Malicious Minecraft apps on Play Store scamming millions of users

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

HackRead: Latest News

Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden