Ttint Botnet

Posted: October 5, 2020

Some botnets manage to stay under the radar for a long time because their authors have opted not to use their power just yet. This is the case with the Ttint Botnet, a newly discovered campaign that appears to make use of vulnerabilities in routers made by Tenda. Cybersecurity experts suspect that the Ttint Botnet has been active for over a year, but it has not been used to carry out attacks during this period. Instead, its author has used the last months to grow the Ttint Botnet as much as possible by scanning the Internet for potential victims.

This Threatening Botnet Features Remote Access Modules

Internet-of-things (IoT) botnets have become very popular among cybercriminals over the past few years, and the Ttint Botnet is just one of the many projects that target IoT devices exclusively. However, this particular campaign is extra spicy because the botnet is used for more than just typical Distributed-Denial-of-Service (DDoS) attacks. The threatening implant used to infect routers also gives attackers the ability to gain remote access to the infected device. This could be used to modify the router's settings, redirect traffic, set up proxy servers, tamper with the DNS configuration and more.

Some of the Ttint Botnet's modules appear to be taken directly from the Mirai Botnet project, but the authors have also greatly expanded the project's features. The added remote access features make the botnet much more flexible, and it is possible that the criminals behind it may already be using this functionality to manipulate router configuration so that users of the infected routers are redirected to advertisements and unsafe sites.

Unfortunately, the Ttint Botnet's expansion is difficult to stop at the moment because the manufacturer of Tenda routers has not released a security patch. Allegedly, the criminals behind the campaign are leveraging two zero-day exploits, one of which is undisclosed, to infect devices. Users of Tenda routers should consider switching to a different type of router until a firmware update is released.
