Bondat Worm Resurgence
360 Total Security Center has detected 15,000 computers newly infected with the botnet-worm Bondat. When the malware first appeared in 2013, it targeted users’ browser home pages to make a profit. This new version, primarily spread through removable drives, discreetly mines the Monero cryptocurrency through a Coinhive script in a hidden browser, adds the infected device to its botnet, and uses a PowerShell script to download a setup.php file designed to target WordPress sites through brute-force attacks. The malware is able to evade anti-virus software by shutting down its processes and displaying a fraudulent error message. Bondat has primarily targeted large networks to use up their processing power. The NJCCIC recommends that all users review the 360 Total Security report and the NJCCIC threat profiles on cryptocurrency-mining malware and botnets for more information. All users, particularly web administrators, are advised to ensure they have established strong credentials and multi-factor authentication; run updated, reputable anti-malware software; and scan external devices before connecting them to their network.