Ttint Botnet
Some botnets usually manage to stay under the radar for a long time because their authors have opted not to harvest their power just yet. This is the case of the Ttint Botnet, a newly discovered campaign that appears to make use of vulnerabilities in routers made by Tenda. Cybersecurity experts suspect that the Ttint Botnet has been active for over a year, but it has not been used to carry out attacks during this period. Instead, its author has used the last months to grow the Ttint Botnet as much as possible by scanning the Internet for potential victims.
This Threatening Botnet Features Remote Access Modules
Internet-of-things (IoT) botnets have become very popular among cybercriminals over the past few years, and the Ttint Botnet is just one of the many projects that target IoT devices exclusively. However, this particular campaign is extra spicy because the botnet is used for more than just typical Distributed-Denial-of-Service (DDoS) attacks. The threatening implant used to infect routers also gives attackers the ability to gain remote access to the infected device. This could be used to modify the router's settings, redirect traffic, set up proxy servers, tamper with the DNS configuration and more.
Some of Ttint Botnet's modules appear to be taken from the Mirai Botnet project directly, but the authors also have made sure to expand the project's features greatly. The added remote access features make the botnet much more flexible, and it is possible that the criminals behind it may already be using this functionality to manipulate router configuration so that their users are redirected to advertisements and unsafe sites.
Unfortunately, the Ttint Botnet's expansion is difficult to stop at the moment because of the lack of a security patch by the manufacturers of Tenda routers. Allegedly, the criminals behind the campaign are leveraging two zero-day exploits, one of which undisclosed, to infect devices. Users of Tenda routers should consider switching to a different type of router until a firmware update is released.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.