It seems that every other day there’s a new botnet out there, and they’re mostly copies of one another. However, researchers at Chinese cybersecurity company Qihoo 360’s Netlab found a new type of botnet that takes things up a notch by using a reverse proxy service called ngrok for its payload server.
“This botnet hides its downloader and reporter server by using the ngrok reverse proxy service to periodically generate a large number of random subdomain names. The botnet master does not have control over what the subdomains will be, as the subdomains are generated randomly by the ngrok service, which in this case is actually a blessing for the botnet,” the researchers said.
This article appeared first on Cryptovest