Linux botnet ‘Luno’ unleashes advanced DDoS capabilities
Cyble threat intelligence researchers have identified a sophisticated Linux botnet built for cryptocurrency mining, remote command execution, and dozens of DDoS attack types.
Cyble Research and Intelligence Labs (CRIL) researchers have dubbed the campaign “Luno.” The malware also includes strong obfuscation and evasion features, “indicating active professional threat actor involvement,” the researchers wrote in a blog post.
“Unlike conventional cryptominers or DDoS botnets, LunoC2 exhibits process masquerading, binary replacement, and a self-update system, suggesting the malware is designed as a long-term criminal infrastructure tool,” they said.
