The Mystery of Fbot

A few days ago, MalwareMustDie security researcher unixfreaxjp published a new Linux malware analysis of Fbot, focused on decrypting the latest encryption logic used by its bot client.


This is not the first Fbot analysis to be published, and Fbot binaries have been actively infecting IoT devices since well before 2018.


This article explains what we have learned about Fbot, tracing it back to 2014, and discusses the mysteries that can be seen after Fbot was detected.


The background before Fbot Mirai variant


Fbot is one of Mirai’s variants, and Mirai is the Linux malware that was originally detected in August 2016 by the same team that wrote the latest analysis mentioned above. In the boom that followed the leak of the Mirai source code by its malware coder (nickname: AnnaSenpai), and the open sharing of that source code on GitHub only a month after the analysis report was published, a lot of young hackers involved in the “DDoS criminal ecosystem”, who had been actively using IoT devices for DDoS purposes before the Mirai malware was born, were racing in a big wave to learn ho ..