{"id":10449,"date":"2025-07-23T12:33:36","date_gmt":"2025-07-23T05:33:36","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10449"},"modified":"2026-02-05T12:33:42","modified_gmt":"2026-02-05T05:33:42","slug":"ban-tin-ma-doc-lumma-hoi-sinh-botnet-svf-danh-thang-vao-may-chu-linux-ssh","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/07\/23\/ban-tin-ma-doc-lumma-hoi-sinh-botnet-svf-danh-thang-vao-may-chu-linux-ssh\/","title":{"rendered":"Malware bulletin: Lumma revived, SVF botnet strikes directly at Linux SSH servers"},"content":{"rendered":"<p><b>Cybercriminals do not disappear; they only change how they attack. While Lumma Infostealer recovered quickly after being taken down, the SVF Botnet shows a new level of danger aimed at Linux SSH servers. Below is WhiteHat's detailed roundup of two threats that have stood out recently.<\/b><\/p>\n<div style=\"text-align: center\">\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1753259327404.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1753259327404-png.17360\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img fetchpriority=\"high\" decoding=\"async\" class=\"bbImage\" title=\"1753259327404.png\" src=\"https:\/\/whitehat.vn\/attachments\/1753259327404-png.17360\/\" alt=\"1753259327404.png\" width=\"700\" height=\"390\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<h2>1. 
<b>Lumma Infostealer makes a strong comeback after the crackdown<\/b><\/h2>\n<p>In May 2025, international law enforcement seized more than 2,300 domains and part of the command-and-control (C2) infrastructure of Lumma Stealer &#8211; an information-stealing malware operated under the Malware-as-a-Service (MaaS) model.<\/p>\n<p>However, only a few weeks later, experts observed that Lumma had quickly recovered almost completely, moving to new infrastructure such as Selectel (Russia) to avoid detection and continuing to spread aggressively.<\/p>\n<div style=\"text-align: center\">\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1753255472418.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1753255472418-png.17359\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img decoding=\"async\" class=\"bbImage\" title=\"1753255472418.png\" src=\"https:\/\/whitehat.vn\/attachments\/1753255472418-png.17359\/\" alt=\"1753255472418.png\" width=\"782\" height=\"386\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<p><i>Image: Hfrance<\/i><\/div>\n<p>The main infection channels at present include:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Fake cracks\/keygens delivered via malvertising and spoofed search results<\/li>\n<li data-xf-list-type=\"ul\">Fake CAPTCHAs (ClickFix) that use PowerShell to load the malware into memory<\/li>\n<li data-xf-list-type=\"ul\">Fake GitHub pages offering cheats\/game cracks that contain the Lumma payload<\/li>\n<li data-xf-list-type=\"ul\">Videos on YouTube\/Facebook that lead 
to pages hosting the malware, sometimes via sites.google.com<\/li>\n<\/ul>\n<p>Lumma's strong comeback shows that MaaS platforms can recover very quickly in the absence of sufficiently strong legal measures such as arrests or prosecutions. It remains a worrying threat to users and businesses.<\/p>\n<h2>2. SVF Botnet &#8211; A new threat targeting Linux SSH servers<\/h2>\n<p>A new attack campaign is exploiting weakly configured Linux SSH servers to deploy the SVF botnet, a malware written in Python that lets attackers control it remotely through Discord, a platform that is rarely monitored.<\/p>\n<p>Infection method: SVF Botnet attacks Linux servers through SSH brute force, installs its payload with an automated chain of shell commands, is controlled remotely via Discord and carries out large-scale DDoS attacks; it can also anonymize itself and manage its own proxies to make attacks more effective.<\/p>\n<div style=\"text-align: center\">\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1753255407751.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1753255407751-png.17358\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img decoding=\"async\" class=\"bbImage\" title=\"1753255407751.png\" 
src=\"https:\/\/whitehat.vn\/attachments\/1753255407751-png.17358\/\" alt=\"1753255407751.png\" width=\"756\" height=\"394\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<p>Dangerous features of SVF Bot:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Supports large-scale DDoS using HTTP Flood (L7) and UDP Flood (L4) techniques.<\/li>\n<li data-xf-list-type=\"ul\">Automatically collects proxies from public sites, verifies them and uses them to hide the source of the attack.<\/li>\n<li data-xf-list-type=\"ul\">Remote control interface via Discord: lets attackers send commands, manage infected machines, tune attack parameters, and update or remove the bot remotely; even non-experts can operate it easily.<\/li>\n<\/ul>\n<p>Level of danger:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">The malware updates itself, and new functionality can easily be added because it is written in Python.<\/li>\n<li data-xf-list-type=\"ul\">Hard to detect because it uses a popular platform (Discord) as its C2.<\/li>\n<li data-xf-list-type=\"ul\">Continuously attacks weakly configured SSH servers, showing the urgent need to harden the security of Linux infrastructure.<\/li>\n<\/ul>\n<p>Recommendations for protecting Linux servers:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Change to strong, unique passwords, and disable password login if 
possible.<\/li>\n<li data-xf-list-type=\"ul\">Restrict SSH access to trusted IPs only (via the firewall).<\/li>\n<li data-xf-list-type=\"ul\">Update the operating system and software regularly to patch vulnerabilities.<\/li>\n<li data-xf-list-type=\"ul\">Monitor SSH logs and deploy an intrusion detection system (IDS).<\/li>\n<li data-xf-list-type=\"ul\">Disable unnecessary services to reduce the attack surface.<\/li>\n<\/ul>\n<p>SVF Botnet shows that modern botnets are no longer limited to Windows. Linux is also an attractive target, and any SSH system with a neglected configuration can become a tool in global DDoS attacks.<\/p>\n<h2><b>Closing remarks<\/b><\/h2>\n<p>Both threats, Lumma Infostealer and the SVF botnet, show a trend of malware becoming increasingly sophisticated and hard to eradicate despite legal and technical measures. 
This reality underlines the importance of deploying layered security combined with continuous monitoring and timely response to protect systems in the era of MaaS and modern botnets.<\/p>\n<div style=\"text-align: right\"><b><i>Compiled from: Cyber Press, Bleeping Computer<\/i><\/b><\/div>\n<div style=\"text-align: right;margin-top: 16px\"><i>Source: <a href=\"https:\/\/whitehat.vn\/threads\/ban-tin-ma-doc-lumma-hoi-sinh-botnet-svf-danh-thang-vao-may-chu-linux-ssh.18594\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/whitehat.vn\/threads\/ban-tin-ma-doc-lumma-hoi-sinh-botnet-svf-danh-thang-vao-may-chu-linux-ssh.18594\/<\/a><\/i><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals do not disappear; they only change how they attack. While Lumma Infostealer recovered quickly after being taken down, the SVF Botnet shows a new level of danger aimed at Linux SSH servers. 
Below is WhiteHat's detailed roundup of two [&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10449","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10449"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10449\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}