Thousands of sites based on CMS platforms were hijacked by KashmirBlack botnet

KashmirBlack is an active botnet that is currently targeting websites built on a range of CMS platforms.

The “KashmirBlack” campaign, which is believed to have started around November 2019, targets popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart, and Yeager.

Researchers report that the botnet has a well-designed, modular infrastructure, so new capabilities can be added or existing ones improved with little effort. It also has the features it needs to stay hard to detect and to disguise its activity as ordinary traffic.

Extended analysis revealed that the bots report to a command-and-control (C2) server, which issues the commands that direct them to find new targets. This central server is what lets the botnet spread and expand so quickly.

The botnet exploits the PHPUnit remote code execution vulnerability (CVE-2017-9841) to infect victims with next-stage payloads that then communicate with the C2 server. That flaw is only reachable when a site's PHPUnit vendor directory, including `vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`, is exposed over the web, which is why shipping development dependencies into the document root is the underlying mistake being abused here. Researchers also found that KashmirBlack relies on two separate repositories: one hosts the exploits and payloads, and the other stores the malicious script used to communicate with the C2 server.

The most alarming aspect of the botnet is the speed at which it is expanding: KashmirBlack is one of the fastest-growing botnets the researchers have observed.
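The infection vector above leaves a distinctive trace: a request to the `eval-stdin.php` file from PHPUnit. The following is an added example, not code from the article or from the KashmirBlack research, that a defender could run over web server access logs to spot those probes, separate scans that hit nothing from POSTs the server actually answered, and check a web root for exposed copies of the file. It assumes the Apache/nginx combined log format; the sample log lines are constructed and use RFC 5737 documentation addresses.

```python
import re
from pathlib import Path

# Relative path of the PHPUnit helper behind CVE-2017-9841. When a site ships its
# development dependencies into a web-reachable directory, an HTTP POST to this
# file is evaluated as PHP, which is the foothold the article attributes to
# KashmirBlack.
EVAL_STDIN_REL_PATH = "vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"

# Combined log format as written by Apache and nginx by default
# (assumption: your servers use this format; adjust the regex if not).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (not real traffic), using RFC 5737 documentation IPs.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Oct/2020:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5123',
    '203.0.113.7 - - [20/Oct/2020:10:01:13 +0000] '
    '"POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 41',
    '198.51.100.9 - - [20/Oct/2020:10:02:40 +0000] '
    '"GET /wp-content/plugins/example/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php?x=1 HTTP/1.1" 404 196',
    '192.0.2.33 - - [20/Oct/2020:10:03:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2311',
]


def is_eval_stdin_probe(path: str) -> bool:
    """True when the request path targets eval-stdin.php at any depth.

    The query string is dropped and the path lower-cased so that a copy bundled
    inside a plugin (.../plugins/x/vendor/...) or odd casing is still caught.
    """
    p = path.split("?", 1)[0].lower()
    return p.endswith("/util/php/eval-stdin.php")


def scan_access_log(lines):
    """Return (ip, method, path, status) for every request that probes eval-stdin.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_eval_stdin_probe(m["path"]):
            hits.append((m["ip"], m["method"], m["path"], int(m["status"])))
    return hits


def likely_successful(hits):
    """Keep only the probes that matter most for triage.

    A POST answered with 200 means the file exists and accepted a request body
    to evaluate. A 404 is a scan that found nothing, and a GET normally carries
    no body for php://input to read, so it is reconnaissance at worst.
    """
    return [h for h in hits if h[1] == "POST" and h[3] == 200]


def find_exposed_eval_stdin(webroot):
    """List every eval-stdin.php under the web root; in production there should be
    none. Installing with Composer's --no-dev flag, or keeping vendor/ outside the
    document root, removes the file from reach."""
    root = Path(webroot)
    if not root.is_dir():
        return []
    return sorted(str(p.relative_to(root)) for p in root.rglob(EVAL_STDIN_REL_PATH))


if __name__ == "__main__":
    probes = scan_access_log(SAMPLE_LOG)
    for hit in probes:
        print("probe:", hit)
    for hit in likely_successful(probes):
        print("likely compromise, triage this host:", hit)
    print("exposed copies under current directory:", find_exposed_eval_stdin("."))
```

Run against the constructed sample, the scanner reports two probes and flags only the answered POST from 203.0.113.7 as a likely compromise; the 404 from 198.51.100.9 is a scan that found nothing. Any non-empty result from `find_exposed_eval_stdin` on a production web root means the file should be removed and the host treated as potentially already compromised, since the botnet was scanning for exactly that path.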

NPAV recommends that users always keep their guard up against these threats. Botnets can enter a system in many ways, so always keep a security layer between your system and any file that enters it.

Install NPAV on your devices to keep them protected from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.
