
Security researchers have observed a sharp rise in attacks against routers, firewalls, and IoT devices, highlighting a growing trend where these systems are exploited for both large-scale DDoS campaigns and cryptocurrency mining.
Recent findings from Eclypsium reveal that this activity is no longer limited to advanced nation-state groups.
Financially motivated attackers are now actively leveraging the same techniques to monetize compromised devices. These attacks exploit weak configurations, unpatched vulnerabilities, and a lack of visibility into network hardware.
New Malware Variants Target Network Devices
On March 6, 2026, researchers identified two previously undocumented malware strains actively targeting Linux-based systems and network devices.
The first, CondiBot, is a new variant of a Mirai-derived botnet. It is designed to convert infected devices into remotely controlled nodes capable of launching distributed denial-of-service (DDoS) attacks.
Unlike earlier versions, this variant supports multiple system architectures, including ARM, MIPS, and x86, allowing it to infect a wide range of devices.
CondiBot uses multiple download methods such as wget, curl, and TFTP to ensure successful infection. Once deployed, it connects to a command-and-control (C2) server, turns off reboot functions, and removes competing malware.
It then waits for instructions to launch network attacks. Researchers also found that this version includes expanded attack capabilities and new identifiers, suggesting ongoing development.
The second strain, called “Monaco,” combines an SSH scanner and a crypto-miner. Written in Go, it scans the internet for exposed SSH services and uses brute-force techniques with common passwords to gain access.
Once inside, it deploys Monero mining software and sends stolen credentials back to its C2 infrastructure.
Monaco is designed to run across multiple platforms, including servers, routers, and IoT devices. It also kills competing miners and optimizes system performance to maximize cryptocurrency output.
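The SSH brute-force stage described above leaves a recognizable trail in OpenSSH authentication logs: a burst of failed password attempts from one source, sometimes ending in a successful login. The following is an added example, not code from Eclypsium or the article; it assumes standard OpenSSH syslog lines, and the log data, the `triage` function name, and the failure threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the article).
# Source addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
Mar  6 10:00:01 gw sshd[101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  6 10:00:02 gw sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Mar  6 10:00:03 gw sshd[103]: Failed password for invalid user ubnt from 203.0.113.7 port 40003 ssh2
Mar  6 10:00:04 gw sshd[104]: Failed password for root from 203.0.113.7 port 40004 ssh2
Mar  6 10:00:05 gw sshd[105]: Accepted password for root from 203.0.113.7 port 40005 ssh2
Mar  6 10:05:00 gw sshd[110]: Failed password for alice from 198.51.100.20 port 50000 ssh2
Mar  6 10:05:09 gw sshd[111]: Accepted password for alice from 198.51.100.20 port 50001 ssh2
Mar  6 10:07:00 gw sshd[120]: Failed password for root from 192.0.2.44 port 60000 ssh2
Mar  6 10:07:01 gw sshd[121]: Failed password for invalid user pi from 192.0.2.44 port 60001 ssh2
Mar  6 10:07:02 gw sshd[122]: Failed password for invalid user test from 192.0.2.44 port 60002 ssh2
"""

# Matches both "for root" and "for invalid user admin" forms of the sshd message.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(log_text, min_failures=3):
    """Return {source_ip: verdict} for sources reaching min_failures failed logins.

    "compromised": a password login succeeded after the threshold was reached.
    "bruteforce":  the threshold was reached and no later success was seen.
    """
    failures = defaultdict(int)
    verdicts = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] >= min_failures:
                # setdefault keeps an earlier "compromised" verdict intact.
                verdicts.setdefault(ip, "bruteforce")
        elif failures[ip] >= min_failures:
            verdicts[ip] = "compromised"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG).items():
        print(ip, verdict)
```

A "compromised" verdict is the case to escalate, since the source guessed a working password; a single mistyped password followed by a normal login, as with the constructed `alice` entries, stays below the threshold.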
Growing Trend and Enterprise Risk
According to Eclypsium research, these campaigns reflect a broader trend highlighted in industry reports. Exploitation of network devices has surged significantly, with many attacks occurring before patches are applied.
In many cases, attackers gain access without any user interaction by targeting internet-facing systems such as VPNs and gateways.
Network devices present a unique risk because they often lack traditional security monitoring tools. This creates a visibility gap, allowing attackers to remain undetected for long periods.
Once compromised, these devices provide strategic access for lateral movement, traffic interception, and persistent control.
The rise of malware like CondiBot and Monaco demonstrates how attackers are combining disruption and profit-driven tactics.
As network infrastructure becomes a primary target, organizations must prioritize patching, enforce strong credentials, and improve monitoring of these critical systems.
The post Malware Operators Hijack Network Devices For DDoS Attacks and Crypto Mining appeared first on Cyber Security News.
