The Microsoft 365 Defender Research Team has released a new whitepaper on the XOR DDoS malware, which has been active since 2014. According to Microsoft, XOR DDoS activity has risen by a massive 254% in the past six months.
Can deliver additional payloads as well
XOR DDoS malware (whose name is spelled in many different ways across sources: XorDDoS, XorDdos, Xor DDoS, and more) uses XOR-based encryption to communicate with its C2 (command-and-control) servers, and it enlists infected devices into a DDoS botnet. XOR DDoS has been successful because it employs several evasion and persistence techniques that make it hard to find and remove.
XOR DDoS targets Linux-based ARM devices as well as x64 systems, compromising them through SSH brute-force attacks when they are not adequately secured. Beyond its DDoS capabilities, XOR DDoS can install rootkits and deliver additional payloads to the systems it infects. Microsoft has observed additional backdoors deployed on XOR DDoS-infected systems that are used to deploy XMRig coin miners. You can read the full whitepaper by following the link below:
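Since SSH brute-forcing is the initial-access method described above, the most useful check a defender can run is a burst detector over the sshd authentication log. The following is an added example written for this page, not code from Microsoft's whitepaper: it parses constructed OpenSSH syslog lines, counts failed logins per source address inside a sliding window (the threshold of 5 failures in 60 seconds and the fixed year used for timestamps are assumptions), and escalates when a source that was already flagged goes on to log in successfully.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines in OpenSSH/syslog format; not real data.
SAMPLE_AUTH_LOG = """\
Mar 10 08:00:01 host sshd[1200]: Failed password for root from 198.51.100.23 port 51022 ssh2
Mar 10 08:00:02 host sshd[1201]: Failed password for root from 198.51.100.23 port 51023 ssh2
Mar 10 08:00:03 host sshd[1202]: Failed password for invalid user admin from 198.51.100.23 port 51024 ssh2
Mar 10 08:00:04 host sshd[1203]: Failed password for root from 198.51.100.23 port 51025 ssh2
Mar 10 08:00:05 host sshd[1204]: Failed password for root from 198.51.100.23 port 51026 ssh2
Mar 10 08:00:06 host sshd[1205]: Failed password for root from 198.51.100.23 port 51027 ssh2
Mar 10 08:00:09 host sshd[1206]: Accepted password for root from 198.51.100.23 port 51028 ssh2
Mar 10 08:15:00 host sshd[1300]: Failed password for alice from 203.0.113.7 port 40000 ssh2
Mar 10 08:15:01 host sshd[1301]: Accepted publickey for alice from 203.0.113.7 port 40001 ssh2
"""

# Matches the "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines sshd writes.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Syslog timestamps carry no year; a fixed year is assumed so events can be ordered.
ASSUMED_YEAR = 2022


def parse_line(line):
    """Return a dict for an sshd auth event, or None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return {
        "ts": ts,
        "result": m["result"],
        "method": m["method"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_ssh_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failures inside a sliding window.

    A successful login from an already-flagged source is reported separately,
    because that is the moment a brute-force attempt turns into a compromise.
    """
    window = timedelta(seconds=window_seconds)
    recent_failures = defaultdict(deque)  # src -> timestamps of failures still in window
    flagged = set()
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent_failures[ev["src"]]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            # Drop failures that have aged out of the window.
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                findings.append({"kind": "bruteforce", "src": ev["src"],
                                 "failures": len(q), "ts": ev["ts"]})
        elif ev["src"] in flagged:
            findings.append({"kind": "success_after_bruteforce", "src": ev["src"],
                             "user": ev["user"], "method": ev["method"], "ts": ev["ts"]})
    return findings


if __name__ == "__main__":
    for f in detect_ssh_bruteforce(SAMPLE_AUTH_LOG.splitlines()):
        print(f)
```

On the constructed input the detector raises one brute-force finding for 198.51.100.23 at the fifth failure and a second, higher-severity finding when the same address is accepted as root a few seconds later; the single failure from 203.0.113.7 followed by a key-based login stays below threshold. In production you would feed the function a tailed `/var/log/auth.log` (or `journalctl -u ssh` output) and tune the threshold and window to your environment.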