#botnets

#botnets

Researchers at Kaspersky have analyzed a recently discovered Android malware that enables its operators to remotely control compromised devices. Dubbed Keenadu, the backdoor has been found in the firmware of various Android device brands, particularly tablets. While in some cases the malware appears to have been injected into the firmware during development, it has also been delivered to devices via OTA firmware updates.

Google's Threat Intelligence Group (GTIG) describes IPIDEA as a "little-known component of the digital ecosystem" and says that in a seven-day period in January 2026, it observed more than 550 threat groups using IPIDEA exit nodes. GTIG said that proxy network operators sometimes pay app developers to embed proxy SDKs so that any device that downloads the app is enrolled in the network.

The cybersecurity company said PHP servers have emerged as the most prominent targets of these attacks owing to the widespread use of content management systems like WordPress and Craft CMS. This, in turn, creates a large attack surface as many PHP deployments can suffer from misconfigurations, outdated plugins and themes, and insecure file storage. Some of the prominent weaknesses in PHP frameworks that have been exploited by threat actors are listed below - CVE-2017-9841 - A Remote code execution vulnerability in PHPUnit CVE-2021-3129 - A Remote code execution vulnerability in Laravel CVE-2022-47945 - A Remote code execution vulnerability in ThinkPHP Framework

AyySSHush botnet exploits Asus routers by bypassing security features to establish persistent backdoor access, even through firmware updates, highlighting a serious security concern.

IoT manufacturers are failing to help prevent DDoS attacks by fixing known vulnerabilities, allowing criminals to launch years-long campaigns.