Original Post: New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
Sysrv is a botnet first identified in 2020 that drops a cryptominer onto infected hosts and attempts to propagate itself using various methods. The latest variant of the botnet was discovered targeting compromised sites and using a seemingly legitimate domain belonging to a Malaysian academic institution to host malicious files. The botnet has evolved with updated dropper scripts and enhanced binary capabilities, including obfuscation and use of a Google subdomain to download the miner. The botnet operators are constantly evolving to evade detection, using seemingly trusted sources to deliver malicious files. Imperva Threat Research has uncovered new Indicators of Compromise (IoCs) related to the botnet.
Go here to read the Original Post