Malware & Ransomware · HIGH

Malware - New Campaigns Turn Devices Into DDoS and Mining Bots


In short: new malware is turning routers and IoT devices into bots that flood other people's networks and mine cryptocurrency for the attacker.

Quick Summary

Two newly documented malware campaigns are hijacking routers, IoT devices and enterprise network equipment for DDoS attacks and cryptocurrency mining. Because most of these devices cannot run endpoint agents, the controls that matter are credentials, patching, firmware integrity and network-level monitoring, and they need applying now.

What Happened

Two newly documented malware strains, CondiBot and Monaco, target routers, IoT devices and enterprise network equipment and turn them into nodes for large-scale DDoS attacks and covert cryptocurrency mining. They continue a trend in which threat actors go after the infrastructure organizations depend on rather than the endpoints behind it.

Security researchers documented both strains on March 6, 2026; neither had been described before. CondiBot is built on the Mirai framework and infects Linux-based devices, which it then uses to flood targeted systems with traffic. Monaco brute-forces device logins and, once in, deploys Monero mining software. Neither strain was flagged by the major threat intelligence platforms, which points to a gap in detection coverage for this class of device.

Who's Being Targeted

The primary targets of these campaigns are routers, IoT devices and enterprise network equipment. The 2025 Verizon Data Breach Investigations Report recorded an eightfold increase in vulnerability exploitation against network devices. Exploiting this equipment is no longer the preserve of state-sponsored groups; financially motivated actors are now going after the same weaknesses.

That shift puts every organization at risk, not only the ones that expect to be targeted by nation states. Because many of these devices cannot run endpoint security agents, an attacker who compromises one can operate undetected for long periods, quietly harvesting compute or staging for a larger attack.

Signs of Infection

Infections are hard to spot from the device itself. Once CondiBot lands on a device it works to stay there: it disables reboot utilities, kills competing botnets so it has the device to itself, then connects to its command-and-control server and waits for attack commands.

From the network side, the signs are unusual outbound traffic and unexpected processes on network appliances: a router or camera that suddenly pushes a high volume of traffic toward a single target, or holds sustained outbound sessions it has no business making, is being used for something its owner did not intend, whether that is a DDoS attack or cryptocurrency mining.

How to Protect Yourself

To mitigate the risks posed by these malware strains, organizations should take immediate action. Here are some recommended steps:

  • Enforce strong, unique SSH credentials and disable default passwords on all internet-facing devices.
  • Implement firmware integrity monitoring for routers, firewalls, and IoT equipment.
  • Patch promptly: exploitation of network-device vulnerabilities can begin the same day they are disclosed, and sometimes before a patch exists.
  • Monitor for unusual outbound traffic and unexpected processes on network appliances.
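The two monitoring points above, and the initial-access path described for Monaco, can be checked from flow records and sshd logs without putting anything on the appliance itself. The script below is an added example and is not code from the article or from Cyber Security News. It assumes a whitespace-separated flow export (src, dst, dport, packets, duration in seconds), that 192.0.2.0/24 is the monitored LAN, a hypothetical list of stratum pool ports, and thresholds chosen for illustration; the flow records and sshd lines it runs on are constructed, not captured traffic. It flags a device opening many tiny flows at one external host (the shape of a SYN/UDP flood), a device holding a long outbound session to a pool port, and a source address that sprays SSH passwords and then logs in.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumptions for illustration only: the monitored LAN is 192.0.2.0/24 and these
# are the pool ports to watch. Adjust both to your environment.
INTERNAL_PREFIX = "192.0.2."
MINING_PORTS = {3333, 4444, 5555, 7777, 9999, 14444}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    packets: int
    duration_s: float


def parse_flows(text):
    """Parse whitespace-separated records: src dst dport packets duration_s."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, packets, duration = line.split()
        flows.append(Flow(src, dst, int(dport), int(packets), float(duration)))
    return flows


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def find_flood_sources(flows, min_flows=50, max_avg_packets=3.0):
    """Internal hosts opening many tiny flows to one external host: a SYN/UDP flood pattern."""
    stats = defaultdict(lambda: [0, 0])  # (src, dst) -> [flow count, packet total]
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            stats[(f.src, f.dst)][0] += 1
            stats[(f.src, f.dst)][1] += f.packets
    return sorted((src, dst, count) for (src, dst), (count, packets) in stats.items()
                  if count >= min_flows and packets / count <= max_avg_packets)


def find_mining_sessions(flows, min_duration_s=600.0):
    """Long-lived outbound sessions from appliances to stratum-style pool ports."""
    return sorted((f.src, f.dst, f.dport, f.duration_s) for f in flows
                  if is_internal(f.src) and not is_internal(f.dst)
                  and f.dport in MINING_PORTS and f.duration_s >= min_duration_s)


SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
SSH_OK = re.compile(r"Accepted (?:password|publickey) for (\S+) from (\S+) port \d+")


def find_ssh_bruteforce(log_text, min_failures=10):
    """Sources with many failed sshd logins, plus any that then logged in successfully."""
    failures = Counter()
    success_after_spray = []
    for line in log_text.splitlines():
        m = SSH_FAIL.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = SSH_OK.search(line)
        if m and failures[m.group(2)] >= min_failures:
            success_after_spray.append((m.group(2), m.group(1)))  # (source ip, user)
    suspects = {ip: n for ip, n in failures.items() if n >= min_failures}
    return suspects, success_after_spray


# Constructed sample data (not captured traffic): one device sends sixty two-packet
# flows at a single target, another holds an hour-long session on port 3333, and a
# third produces ordinary noise, including a brief probe of port 3333.
SAMPLE_FLOWS = "\n".join(
    ["# src dst dport packets duration_s"]
    + ["192.0.2.10 198.51.100.7 80 2 0.1"] * 60
    + ["192.0.2.20 203.0.113.9 3333 4200 3600",
       "192.0.2.30 203.0.113.50 443 120 12.4",
       "192.0.2.30 203.0.113.9 3333 9 5.0",
       "192.0.2.30 198.51.100.7 80 40 2.0"])

# Constructed sshd lines: a password spray from one address that ends in a login.
SAMPLE_AUTH_LOG = "\n".join(
    [f"Mar  6 10:00:{i:02d} gw sshd[12{i:02d}]: Failed password for {user} "
     f"from 203.0.113.5 port 4{i:04d} ssh2"
     for i, user in enumerate(["root", "admin", "user", "pi", "ubnt", "support",
                               "root", "admin", "guest", "root", "admin", "root"])]
    + ["Mar  6 10:00:30 gw sshd[1290]: Failed password for admin from 203.0.113.77 port 40100 ssh2",
       "Mar  6 10:01:00 gw sshd[1295]: Accepted password for admin from 203.0.113.5 port 40200 ssh2"])


def triage(flow_text=SAMPLE_FLOWS, auth_text=SAMPLE_AUTH_LOG):
    """Run all three checks and return the findings keyed by behaviour."""
    flows = parse_flows(flow_text)
    suspects, spray = find_ssh_bruteforce(auth_text)
    return {"flood": find_flood_sources(flows), "mining": find_mining_sessions(flows),
            "ssh_bruteforce": suspects, "ssh_success_after_spray": spray}


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The flood check deliberately keys on flow count and packets-per-flow rather than on raw byte volume, because a router legitimately moving a lot of data for its users looks nothing like a device opening dozens of two-packet connections to the same host. The SSH check reports a successful login after a spray separately from the spray itself, since that is the event that turns a noisy probe into an intrusion worth responding to.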

By following these guidelines, organizations can enhance their security posture and reduce the likelihood of falling victim to these emerging threats.

🔒 Pro insight: CondiBot and Monaco are further evidence that malware authors have moved onto network infrastructure, so the controls above have to be applied to appliances that have traditionally sat outside endpoint security programmes.

Original article: Cyber Security News · Tushar Subhra Dutta

Related Pings

  • Ransomware - Marquis Reports Data Theft of 672K Individuals. Marquis, a Texas financial services firm, suffered a ransomware attack that exposed sensitive personal data of over 670,000 individuals; those affected should monitor their accounts closely. (BleepingComputer · Malware & Ransomware · HIGH)
  • Malware - Iranian Hackers Used Stolen Credentials in Stryker Breach. An attack on Stryker attributed to Iranian hackers, who used stolen credentials, disrupted operations globally; Stryker is restoring affected systems while authorities investigate. (SecurityWeek · Malware & Ransomware · HIGH)
  • Vidar Stealer 2.0 - Malware Delivered via Fake Game Cheats. A campaign is using fake game cheats posted on GitHub and Reddit to deliver the Vidar 2.0 infostealer to gamers who install them unknowingly. (Infosecurity Magazine · Malware & Ransomware · HIGH)
  • Malware - GlassWorm Campaign Targets Python Repos via GitHub. A campaign, ForceMemo, is targeting Python repositories on GitHub using stolen developer tokens, putting both developers and downstream users at risk. (SC Media · Malware & Ransomware · HIGH)
  • GlassWorm Malware - Major Attack Hits GitHub and npm Repos. A new wave of GlassWorm has compromised over 400 code repositories on GitHub and npm; developers should check their projects for signs of infection. (BleepingComputer · Malware & Ransomware · HIGH)
  • Ransomware - Attackers Shift to Native Windows Tools. Ransomware actors are moving from Cobalt Strike to native Windows tools, a shift driven by lower payment rates and a greater emphasis on data theft. (Dark Reading · Malware & Ransomware · HIGH)