Blog
>
Research
2
 Min read

Andromeda Botnet: A Threat to Albania’s Cybersecurity

Published on 
Dec 26, 2023
Andromeda Botnet: A Threat to Albania’s Cybersecurity

The Andromeda botnet, also known as Gamarue, Wauchos, and Andromeda Stealer, is a sophisticated and long-standing malware family that has been used for various purposes, such as spamming, DDoS attacks, and credential theft. It has been active since 2011 and has infected millions of devices worldwide.

According to Fortinet’s Threat Map, Albania has been targeted by the Andromeda botnet in the past years. The map shows that there have been multiple attacks detected in Albania, with the majority of them being detected in the capital city, Tirana.

https://www.fortiguard.com/threat-research/map/country/AL

The Andromeda botnet is modular and can download and execute additional modules. The botnet is controlled by a Command and Control (C&C) server, which sends commands to the infected devices. The C&C server can also receive data from the infected devices, such as stolen credentials, which can be used for further attacks.

In December 2017, the Andromeda botnet was taken down in a joint operation by law enforcement agencies in the US and Europe. However, the botnet’s source code was leaked, and new variants of Andromeda have since emerged, making it an ongoing threat.

According to MalwareBazaar, there are still active Andromeda botnet Command and Control (C&C) servers operating in Albania. MalwareBazaar provides the following IoCs associated with Andromeda botnet activity in Albania:

  • Domain: php.softwareupgrades.info IP: 45.56.124.214 ;
  • Domain: panik.beget.tech IP: 185.50.27.56;
  • Domain: zamg.xyz IP: 193.23.181.231;

The Andromeda botnet is a significant threat to Albania’s cybersecurity. It is capable of performing various malicious activities that can compromise the security of devices and steal sensitive information. To protect against Andromeda, it is essential to keep systems and software up-to-date, use anti-malware software, and avoid clicking on suspicious links or downloading files from untrusted sources.

In conclusion, it is crucial for individuals and organizations in Albania to remain vigilant and adopt good security practices to mitigate the risks of Andromeda and other malware threats. By staying up-to-date on the latest IoCs associated with Andromeda botnet activity and taking proactive measures to protect against it, they can help to ensure the security and privacy of their devices and data.

By clicking "Accept" you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.