The Tsundere botnet represents a significant evolution of earlier malware tactics, using Node.js and the Ethereum blockchain to structure its operations. First identified through malicious packages delivered via npm, the botnet has since adopted other distribution methods, including disguised installers, RMM tools and fake game applications, to establish a persistent foothold on victim systems.
The bot can dynamically evaluate and execute JavaScript code received from its C2 server, giving the operators fine-grained control over infected systems. For persistence it creates registry keys, and it maintains a WebSocket connection to its C2 infrastructure for continuous communication.
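The two behaviours above (registry-key persistence of a Node.js payload and a long-lived WebSocket to the C2) are what a defender would hunt for. The following is an added triage example, not code from the Securelist article or from the bot itself; all paths, hosts and events are constructed samples, and the "user-writable directory" heuristic is an assumption, not a published indicator.

```python
# Added example (not from the original report): heuristic triage of Windows
# Run-key autostart entries and process network events for a Node.js-based bot
# that persists via registry keys and beacons to its C2 over WebSocket.
import re
from typing import Dict, List

# Assumption: a legitimately installed Node.js service is rarely auto-started from
# a user-writable directory, whereas a dropped bot script usually lives in one.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
NODE_EXE = re.compile(r"(^|[\\/\"\s])node(\.exe)?(\"|\s|$)", re.IGNORECASE)


def flag_autorun_entries(entries: Dict[str, str]) -> List[str]:
    """Return names of Run-key values that launch node.exe with a script under a user-writable path."""
    return [name for name, cmd in entries.items()
            if NODE_EXE.search(cmd) and USER_WRITABLE.search(cmd)]


def flag_ws_beacons(events: List[dict], allowlist: set) -> List[dict]:
    """Return events where a node process opens a WebSocket to a host not on the allowlist."""
    return [e for e in events
            if e["process"].lower() in ("node", "node.exe")
            and e["url"].lower().startswith(("ws://", "wss://"))
            and e["host"] not in allowlist]


# Constructed sample data; the values are illustrative, not real indicators.
SAMPLE_RUN_KEYS = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": r'"C:\Program Files\nodejs\node.exe" "C:\Users\alice\AppData\Roaming\svc\index.js"',
    "DevTools": r'"C:\Program Files\nodejs\node.exe" "C:\tools\dev-server.js"',
}
SAMPLE_EVENTS = [
    {"process": "node.exe", "url": "wss://example.invalid/ws", "host": "example.invalid"},
    {"process": "node.exe", "url": "wss://registry.npmjs.org/", "host": "registry.npmjs.org"},
    {"process": "chrome.exe", "url": "wss://example.invalid/ws", "host": "example.invalid"},
]

if __name__ == "__main__":
    print(flag_autorun_entries(SAMPLE_RUN_KEYS))                      # ['Updater']
    print(flag_ws_beacons(SAMPLE_EVENTS, {"registry.npmjs.org"}))    # one node.exe beacon
```

Both hits deserve analyst review rather than automatic blocking, since developers who run Node.js tooling from their profile directory will also trigger the first heuristic.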
The botnet also offers a marketplace through which other threat actors can use its capabilities, and it shows links to earlier malware. The authors are assumed to be Russian-speaking, an assessment based largely on ties to past activity involving similar malware, which gives a strong indication of the botnet's geographical roots. This combination of established threats and new tactics makes Tsundere a formidable addition to the current malware landscape.
👉 Read the original: Kaspersky Securelist