Neko
Neko is a botnet Trojan that infects multiple brands of routers. Its attacks focus on DDoSing external websites, although it includes more generally-applicable capabilities, such as controlling memory processes. Users should patch their routers where applicable, reset compromised routers to factory conditions, and use anti-malware tools for determining whether removing Neko also requires removing related threats from their computers.
The Cat with Its Whiskers in Any Router It can Find
Neko (or the Japanese word for 'cat') is a botnet that operates along the same philosophical lines as concurrent Trojan networks, like the Mirai Botnet or Gafgyt (also known as Bashlite, Qbot, etc.). It shares with them a dependency on abusing software vulnerabilities or poorly-maintained logins for getting access to routers, which it converts into slaves in its network. Recent versions of Neko do show themselves as being especially broad-minded, concerning how they find and infiltrate new hardware.
The Linux-based Neko includes various features for supporting its core purpose of DDoSing:
- It can terminate other memory processes, with internal settings emphasizing combating any other botnets that might be sharing space with it in the router.
- It can execute shell commands for various purposes.
- It may launch traffic-flooding attacks using UDP and UDP-HEX (an alternative to TCP). These floods are capable of bringing down servers by simulating mass amounts of traffic. The performance of the router, itself, also may be hindered in the process.
While these features aren't unexpected from the average botnet, Neko also wields significant self-distributing features. Malware experts are confirming that Neko's distribution exploits in receiving active management and updating, and range from abusing multiple environments' software vulnerabilities, such as an RCE attack against DVR devices, to brute-forcing weak login credentials.
Dodging the Pounce of a Neko Trojan
Unlike some Trojans, like the Plead Backdoor that favors ASUS-brand routers, Neko uses a brand-agnostic strategy for widening its botnet. Users should protect themselves by updating firmware and software for routers and other, exploitable devices, which will reduce the presence of any vulnerabilities leading to remote code execution, privilege escalation or other issues. Devices also never should use default or easily-guessable logins, which is an invitation to being brute-forced by threat actors with scanning tools.
Besides suffering performance issues concerning Internet connectivity, there are few symptoms related to routers that are compromised by Neko. Users suspecting the presence of this threat can disable the device temporarily and reset it to factory conditions via methods recommended by the manufacturer. Installing any available software updates and, particularly, changing logins out of factory-default values, should also be taken as mandatory while removing Neko and preventing future attacks. Standard anti-malware tools can remove other threats that may be related to the compromise of the router and take advantage of it for infecting your computer.
Like the species its name references, Neko is an indiscriminate predator that will eat any hardware that fits into its mouth. Unlike a mouse, however, Neko's victims have options for self-defense that go well beyond merely running out of sight
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.