"Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet"

Microsoft has identified a cross-platform botnet aimed primarily at performing Distributed Denial-of-Service (DDoS) attacks against private Minecraft servers. The MCCrash botnet is distinguished by a novel spreading method that allows it to spread to Linux-based devices despite coming from malicious software downloads on Windows hosts. According to the company, the botnet grows by enumerating default credentials on Internet-exposed Secure Shell (SSH)-enabled devices. Since Internet of Things (IoT) devices are typically enabled for remote setup with potentially insecure settings, they could be vulnerable to botnet attacks such as this. The malware may persist on IoT devices after being removed from the infected source PC. Microsoft's cybersecurity branch is following the activity cluster tracked as DEV-1028. Most of the infections have been reported in Russia, with a smaller number being reported in Kazakhstan, Uzbekistan, Ukraine, Belarus, Czechia, Italy, India, Indonesia, Nigeria, Cameroon, Mexico, and Columbia. The company did not specify the scale of the campaign. The botnet's initial infection point is a pool of machines compromised by installing cracking programs claiming to provide illegal Windows licenses. The software then functions as a conduit to execute a Python payload containing the botnet's key features, such as scanning for SSH-enabled Linux devices to initiate a dictionary attack. When the propagation technique is used to breach a Linux host, the same Python payload is deployed to launch DDoS commands, one of which is designed to break Minecraft servers. Microsoft called the approach "highly efficient," and speculated that it might be sold as a service on underground forums. This article continues to discuss the MCCrash botnet launching DDoS attacks against private Minecraft servers.

THN reports "Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet"