{"id":45247,"date":"2022-02-11T15:26:59","date_gmt":"2022-02-11T15:26:59","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33100\/After-Lying-Low-SSH-Botnet-Mushrooms-And-Is-Harder-Than-Ever-To-Take-Down.html"},"modified":"2022-02-11T15:26:59","modified_gmt":"2022-02-11T15:26:59","slug":"after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/","title":{"rendered":"After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/04\/botnet6-800x450.jpg\" alt=\"Rows of 1950s-style robots operate computer workstations.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"37 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2022\/02\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">50<\/span> <span class=\"visually-hidden\"> with 37 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 18:single\/related:003ed3501c9388160738e4865376995f --><!-- empty --><\/p>\n<p>Two years ago, researchers stumbled upon one of the Internet\u2019s most intriguing botnets: a previously undiscovered network of 500 servers, many in well-known universities and businesses around the world, that was impervious to normal takedown methods. After lying low for 16 months, those researchers said, the botnet known as FritzFrog is back with new capabilities and a larger base of infected machines.<\/p>\n<h2>SSH servers, beware<\/h2>\n<p>FritzFrog targets just about anything with an SSH, or <a href=\"https:\/\/www.ssh.com\/academy\/ssh\">secure shell<\/a>, server\u2014cloud instances, data center servers, routers, and the like\u2014and installs an unusually advanced payload that was written from scratch. When researchers from security firm Guardicore Labs (now Akamai&nbsp;Labs) <a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/08\/new-p2p-botnet-infects-ssh-servers-all-over-the-world\/\">reported it in mid-2020<\/a>, they called it a \u201cnext-generation\u201d botnet because of its full suite of capabilities and well-engineered design.<\/p>\n<p>It was a decentralized, peer-to-peer architecture that distributed administration among many infected nodes rather than a central server, making it hard to detect or take it down using traditional methods. Some of its advanced traits included:<\/p>\n<ul>\n<li>In-memory payloads that never touch the disks of infected servers<\/li>\n<li>At least 20 versions of the software binary since January<\/li>\n<li>A sole focus on infecting&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Secure_Shell\">secure shell<\/a>&nbsp;servers that network administrators use to manage machines<\/li>\n<li>The ability to backdoor infected servers<\/li>\n<li>A list of login credential combinations used to suss out weak login passwords that is more \u201cextensive\u201d than those in previously seen botnets<\/li>\n<\/ul>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>By August 2020, FritzFrog had corralled about 500 machines from well-known organizations into its network. Following the report, the P2P scaled down the number of new infections. Starting last December, Akamai researchers <a href=\"https:\/\/www.akamai.com\/blog\/security\/fritzfrog-p2p\">reported on Thursday<\/a>, the botnet&#8217;s infection rate increased tenfold and has now mushroomed to more than 1,500 machines.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/02\/fritzfrog-infections.jpg\" class=\"enlarge\" data-height=\"840\" data-width=\"1440\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/02\/fritzfrog-infections-640x373.jpg\" width=\"640\" height=\"373\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/02\/fritzfrog-infections-1280x747.jpg 2x\"><\/a><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>The advanced software is updated daily to fix bugs and over the past several months has implemented new functionality and more aggressive infection methods. Among the organizations it has infected in its latest form are a European television channel network, a Russian manufacturer of health care equipment, multiple universities in East Asia and others in healthcare, higher education, and government.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/02\/fritzfrog-infection-locations.jpg\" class=\"enlarge\" data-height=\"840\" data-width=\"1440\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/02\/fritzfrog-infection-locations-640x373.jpg\" width=\"640\" height=\"373\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/02\/fritzfrog-infection-locations-1280x747.jpg 2x\"><\/a><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>FritzFrog spreads by scanning the Internet for SSH servers, and when it finds one, it attempts to log in using a list of credentials. When successful, the botnet software installs proprietary malware that makes it a drone in a sprawling, headless P2P network. Each server constantly listens for connections on port 1234 while simultaneously scanning thousands of IP addresses over ports 22 and 2222. When it encounters other infected servers, the servers exchange data with each other to ensure all of them are running the latest malware version and have the most up-to-date database of targets and infected machines.<\/p>\n<p>To evade firewalls and endpoint protection software, FritzFrog pipes commands over SSH to a netcat client on the infected machine. Netcat then connects to a \u201cmalware server\u201d hosted on an infected machine rather than a central server.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33100\/After-Lying-Low-SSH-Botnet-Mushrooms-And-Is-Harder-Than-Ever-To-Take-Down.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":45248,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[8802],"class_list":["post-45247","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalwarebotnet"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-11T15:26:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/04\/botnet6-800x450.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down\",\"datePublished\":\"2022-02-11T15:26:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/\"},\"wordCount\":497,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down.jpg\",\"keywords\":[\"headline,hacker,malware,botnet\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/\",\"name\":\"After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down.jpg\",\"datePublished\":\"2022-02-11T15:26:59+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,botnet\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwarebotnet\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/","og_locale":"en_US","og_type":"article","og_title":"After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-02-11T15:26:59+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/04\/botnet6-800x450.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down","datePublished":"2022-02-11T15:26:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/"},"wordCount":497,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down.jpg","keywords":["headline,hacker,malware,botnet"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/","url":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/","name":"After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down.jpg","datePublished":"2022-02-11T15:26:59+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down.jpg","width":800,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,botnet","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwarebotnet\/"},{"@type":"ListItem","position":3,"name":"After Lying Low, SSH Botnet Mushrooms And Is Harder Than Ever To Take Down"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45247"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45247\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/45248"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}