August 5, 2015

Bunitu Trojan botnet supports commercial VPN infrastructure

In a blog post, Jérôme Segura, Senior security researcher at Malwarebytes said analysts at the firm — together with ad-fraud company Sentrant — have recently been exploring the distribution of Bunitu. The malware was previously discovered in malvertising campaigns and became part of the payload for is the Neutrino and Angler exploit kits. However, recent botnet requests are not related to ad-fraud; instead, a virtual private network (VPN) is being used to conceal Bunitu’s tracks.

Read More