Find notable cyber news and cases, enriched with sources, timelines, and signals.

RondoDox botnet expands mining and DDoS capabilities

Malware Activity
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

RondoDox botnet now combines cryptocurrency mining with XMRig and DDoS attacks, expanding both monetization and disruption risk across exposed systems. It reaches targets by exploiting over 170 known vulnerabilities in internet-facing applications and then drops a shell script to prepare the infection. The malware also performs anti-analysis steps and removes competing malware before installing the right botnet binary for the host architecture. It can launch DoS attacks across the internet, transport, and application layers when commanded.

Related Happenings

UAT-7810 malware toolkit expansion with LONGLEASH, DOGLEASH, and JARLEASH

Malware Activity
H score27 First: 08.07.2026 17:30 Last: 08.07.2026 17:30 Sources 1

About this happening: **Chinese threat actor UAT-7810** is **actively refining** its bespoke malware to expand the **LapDogs ORB network** by breaking into **internet-facing networking devices**. The a...

MacOS LOTL detection and hardening guidance against native-tool abuse

Defensive Guidance
H score17 First: 22.04.2026 19:30 Last: 22.04.2026 19:30 Sources 1

About this happening: Defensive guidance now pushes **macOS** security teams to detect native-tool abuse by shifting toward **process lineage analysis**, because attackers are using built-in features t...

PowMix phishing campaign targeting Czech workforce

Campaign
H score34 First: 16.04.2026 20:52 Last: 16.04.2026 20:52 Sources 1

How related: Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025.

About this happening: The **PowMix** campaign is actively targeting the **Czech Republic’s workforce**, raising the risk of **remote access** and **remote code execution** on compromised systems. The i...

UAT-9244 TernDoor, PeerTime, and BruteEntry malware activity

Malware Activity
H score22 First: 06.03.2026 01:19 Last: 06.03.2026 01:19 Sources 1

About this happening: A **China-linked** malware cluster has been using **TernDoor**, **PeerTime**, and **BruteEntry** to compromise **telecommunication providers in South America** and turn infected s...

DKnife gateway-monitoring malware framework

Malware Activity
H score23 First: 06.02.2026 19:00 Last: 06.02.2026 19:00 Sources 1

About this happening: The discovery of **DKnife** exposes a **long-running malware framework** that has remained active since at least **2019**, raising the risk of **gateway-level traffic interception...

Timeline

  1. 16.04.2026 20:52 2 articles · 2mo ago

    RondoDox botnet adds XMRig mining and layered DDoS

    Technical Analysis Update

    Bitsight-linked analysis describes the RondoDox botnet as an actively maintained threat that can mine cryptocurrency with XMRig while retaining distributed denial-of-service functionality across the internet, transport, and application layers. The malware also exploits over 170 known vulnerabilities in internet-facing applications for initial access, drops a shell script that performs anti-analysis and removes competing malware, and then installs the appropriate botnet binary for the host architecture.

    Show sources