Malware researchers have spotted the activity of a botnet called Roboto Botnet. The activities of this botnet were first spotted in the summer of 2019. The Roboto Botnet appears to be targeting Linux servers and gathering the compromised targets into a wide-reaching botnet that can be used for various operations. Experts have reported that approximately 215,000 Linux servers in total are running the Webmin application. This application appears to be the infection vector utilized by the operators of the Roboto Botnet. However, it must be noted that the updated versions of the Webmin software suite are not vulnerable, and the attackers can only exploit outdated variants of the application. Despite the Roboto Botnet’s activity dating back to the summer of 2019, its operators have started mass-expanding it only recently. This is why malware researchers’ interest was drawn instantly.
Uses the Peer-to-Peer Technique
The operators of the Roboto Botnet may be using it mainly to execute DDoS (Distributed-Denial-of-Service) attacks. These attacks are carried out using a few different vectors: HTTP, ICMP, UDP and TCP. So far, the operators of the Roboto Botnet have not used the botnet for DDoS attacks, which leads malware experts to believe that, at the moment, their efforts are concentrated on expanding the size of the botnet. The operators of the Roboto Botnet have made sure that the compromised servers use a peer-to-peer technique instead of constantly contacting the authors' control server. The infected servers scan the Internet looking for other servers that are running an outdated version of the previously mentioned Webmin application.
The Roboto Botnet also packs a backdoor module. This means that the operators can grab files, gather details about the compromised host, plant additional malware, and run shell and Linux commands. As a result, the operators of the Roboto Botnet have far greater power than simply launching DDoS attacks against their targets.
The Roboto Botnet operators are working hard on expanding their botnet, and we cannot be sure what their plans are for the future.