Close Menu
  • Latest News
    • Bitcoin
    • Ethereum
    • Altcoins
    • Meme Coins
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Gaming
  • Legal
    • Legal and Regulatory
    • Adoption
  • Analysis
  • Learn
    • Education
    • Wallets and Exchanges
  • Tools
    • Market Overview
    • Exchange Tool
What's Hot

How Morgan Stanley plans to bring crypto custody, staking and lending support in-house

July 16, 2026

Ethereum rallies as U.S. CPI inflation slows to 3.5% – Details

July 16, 2026

Kraken Pro Launches API Partner Program Supporting Specialized Integrations

July 16, 2026
Facebook X (Twitter) Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • Disclosure
Facebook X (Twitter) Instagram
Free.cc (Free Cryptocurrency)Free.cc (Free Cryptocurrency)
  • Latest News
    1. Bitcoin
    2. Ethereum
    3. Altcoins
    4. Meme Coins
    5. View All

    Bitcoin Banking Adoption Hits 32% Average as Major Banks and Financial Institutions Integrate

    July 16, 2026

    The privacy paradox of protecting kids online

    July 15, 2026

    The Bitcoin Softfork That Tried To Police “Junk Data” — And Why It’s Already Failing

    July 15, 2026

    After a brutal H1, is the worst over for the crypto-market in 2026?

    July 15, 2026

    Ethereum rallies as U.S. CPI inflation slows to 3.5% – Details

    July 16, 2026

    Bitcoin, Ethereum and XRP Extend Rally on Fresh Buying

    July 15, 2026

    ETH Price Eyes $2,163 Target as Double Bottom Completes on Daily Chart

    July 15, 2026

    Ethereum falls to $1.7K – Will a $153 mln whale push help ETH bounce back?

    July 14, 2026

    Kraken Pro Launches API Partner Program Supporting Specialized Integrations

    July 16, 2026

    Will Bittensor [TAO] hold $193 or sink to $186? Watch out for 2 signs!

    July 15, 2026

    Assessing ENA’s target price after Ethena bulls extend post-Coinbase rally

    July 15, 2026

    NEAR Governance Vote To Scrap Gas Rebates Puts Developer Incentives Under Review

    July 15, 2026

    $1.2 Billion Exits Memecoins: Binance Data Signals Heavy Sell-Off

    July 14, 2026

    CASHCAT Soars 1,600% Amid Robinhood Memecoin Frenzy

    July 8, 2026

    Crypto Market Sectors Retreat as Meme Tokens Lead Daily Declines

    July 7, 2026

    Why Memecoins May Never Return to Their All-Time Highs

    July 4, 2026

    How Morgan Stanley plans to bring crypto custody, staking and lending support in-house

    July 16, 2026

    Ethereum rallies as U.S. CPI inflation slows to 3.5% – Details

    July 16, 2026

    Kraken Pro Launches API Partner Program Supporting Specialized Integrations

    July 16, 2026

    Bitcoin Banking Adoption Hits 32% Average as Major Banks and Financial Institutions Integrate

    July 16, 2026
  • Tech
    1. Blockchain
    2. Security and Privacy
    3. View All

    Merck and Hashgraph Group launch Hedera-based product passport for EU compliance

    June 12, 2026

    COTI and Midnight Foundation Partner to Advance the Global Privacy Ecosystem

    June 11, 2026

    Cardano Gets Exposure From Olympics Committee

    June 11, 2026

    How Privacy and Composability Trade-Offs Differ

    June 11, 2026

    Robinhood Chain tokens are reportedly vanishing from wallets causing buyers to lose funds

    July 14, 2026

    One crypto wallet tied to a 20-year-old fraudster processed over $122M before Interpol closed in

    July 13, 2026

    Convicted scammer’s “seized” crypto moves to unknown wallets while in prison as DOJ failed to secure funds

    July 13, 2026

    Relay Protocol Warns of Robinhood Chain Honeypot Coins

    July 10, 2026

    How Morgan Stanley plans to bring crypto custody, staking and lending support in-house

    July 16, 2026

    Ethereum rallies as U.S. CPI inflation slows to 3.5% – Details

    July 16, 2026

    Kraken Pro Launches API Partner Program Supporting Specialized Integrations

    July 16, 2026

    Bitcoin Banking Adoption Hits 32% Average as Major Banks and Financial Institutions Integrate

    July 16, 2026
  • Web 3
    1. Gaming
    2. View All

    Yield Guild Games Sunsets YGG Play Publishing Unit, Cuts 35 Jobs

    July 7, 2026

    GO1 and Xiaohai Set up Potential Rematch at EWC 2026 Fatal Fury Bracket in Paris

    July 6, 2026

    CoinIQ Crypto Analysis: The Anti-FOMO Crypto App That Grades Coins Before You Buy

    July 3, 2026

    Hur Blockchain och NFT-teknologi Förändrar Kasinobranschen för Alltid

    June 29, 2026

    How Morgan Stanley plans to bring crypto custody, staking and lending support in-house

    July 16, 2026

    Ethereum rallies as U.S. CPI inflation slows to 3.5% – Details

    July 16, 2026

    Kraken Pro Launches API Partner Program Supporting Specialized Integrations

    July 16, 2026

    Bitcoin Banking Adoption Hits 32% Average as Major Banks and Financial Institutions Integrate

    July 16, 2026
  • Legal
    1. Legal and Regulatory
    2. Adoption
    3. View All

    North Carolina Enacts Strict Rules for Crypto ATMs to Combat Fraud

    July 15, 2026

    The next currency crisis could turn $300 billion in stablecoins into national currencies

    July 14, 2026

    Trump Pushes Senators To Pass Clarity Act in Wake of Lindsey Graham’s Death As Crypto Bill’s Polymarket Odds Dwindle

    July 14, 2026

    After MiCA deadline, majority of Binance users sent funds to self-custody not other compliant exchanges

    July 13, 2026

    How Morgan Stanley plans to bring crypto custody, staking and lending support in-house

    July 16, 2026

    Banks are building the rails to profit from 13.9 million BTC they do not own

    July 14, 2026

    Crypto exchanges are becoming the new distribution channel for Wall Street assets

    July 14, 2026

    Tether’s $20 billion mountain of gold – equal to a national reserve

    July 13, 2026

    How Morgan Stanley plans to bring crypto custody, staking and lending support in-house

    July 16, 2026

    Ethereum rallies as U.S. CPI inflation slows to 3.5% – Details

    July 16, 2026

    Kraken Pro Launches API Partner Program Supporting Specialized Integrations

    July 16, 2026

    Bitcoin Banking Adoption Hits 32% Average as Major Banks and Financial Institutions Integrate

    July 16, 2026
  • Analysis

    CC Price Jumps 10% as Canton Gains Attention in Grayscale Report

    July 15, 2026

    Ethereum Breaks Above $1,800—Can a $24M Whale Bet Push ETH Toward $2,000?

    July 15, 2026

    LINK Price Climbs 4% as Whales Scoop Up $2.17M Worth of Chainlink

    July 15, 2026

    Van de Poppe Analyzes Bitcoin’s Resilience Today

    July 15, 2026

    PayPal Stock Price Gains 15% as Stripe, Advent Pursue $53 Billion Deal

    July 15, 2026
  • Learn
    1. Education
    2. Wallets and Exchanges
    3. View All

    What Is Robinhood Chain? The Ethereum Layer-2 Network for Tokenized Stocks

    July 12, 2026

    What Is BChat? The Decentralized Messaging App Built for Privacy

    June 2, 2026

    What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

    May 31, 2026

    What Is AI Jailbreaking? A Beginner’s Guide to the Cat-and-Mouse Game Behind Every Chatbot

    May 17, 2026

    South Korea’s 8% stock crash set up a crypto rotation but Upbit volume rose just 4%

    July 15, 2026

    Hong Kong gives crypto platforms one year to ditch one-time passwords or cover user losses

    July 11, 2026

    Coinbase World Cup error shows prediction markets still have a proof problem

    July 7, 2026

    Coinbase helped build USDC – Why is it now backing the stablecoin trying to replace it, Open USD?

    July 3, 2026

    How Morgan Stanley plans to bring crypto custody, staking and lending support in-house

    July 16, 2026

    Ethereum rallies as U.S. CPI inflation slows to 3.5% – Details

    July 16, 2026

    Kraken Pro Launches API Partner Program Supporting Specialized Integrations

    July 16, 2026

    Bitcoin Banking Adoption Hits 32% Average as Major Banks and Financial Institutions Integrate

    July 16, 2026
  • Tools
    • Market Overview
    • Exchange Tool
Free.cc (Free Cryptocurrency)Free.cc (Free Cryptocurrency)
Home»Security and Privacy»Ebury Botnet Operators Diversify with Financial and Crypto Theft
Ebury Botnet Operators Diversify with Financial and Crypto Theft
Security and Privacy

Ebury Botnet Operators Diversify with Financial and Crypto Theft

September 22, 2025No Comments5 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

Ebury, one of the most advanced server-side malware campaigns, has been active for 15 years but its use by threat actors is still growing, according to cybersecurity firm ESET.

A new report published on May 14 by ESET Research showed that operators of the Ebury malware and botnet were more active than ever in 2023.

Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD and OpenBSD servers. More than 100,000 were still compromised as of late 2023.

Long known to deploy spam, web traffic redirections and credential stealing, the Ebury group recently added credit card compromise and cryptocurrency theft in its techniques, tactics and procedures (TTPs).

What is the Ebury Botnet?

Ebury is a malicious group that has been active since at least 2009. It has developed an OpenSSH backdoor and a credential stealer used to deploy multiple malware strains simultaneously by relying on a bot network (botnet).

The group’s primary targets are hosting providers.

The Ebury botnet is used to compromise Linux, FreeBSD and OpenBSD servers in order to deploy web traffic redirection modules, proxy traffic for spam or perform adversary-in-the-middle attacks (AitM).

In 2014, ESET published a white paper about Operation Windigo, a malicious campaign using multiple malware families working in combination with the Ebury malware family at its core.

Following the release of the Windigo paper, Russian national Maxim Senakh, one of the Ebury operators, was arrested at the Finland-Russia border in 2015, and later extradited to the US.

In 2017, he was sentenced to 46 months in prison in the US for his role in running the Ebury botnet. ESET assisted the FBI in the operation and testified during the trial.

See also  Crypto-Exchange Used to Launder Ransomware Transactions Dismantled

In late 2021, the Dutch National High Tech Crime Unit (NHTCU), part of the Netherlands national police, contacted ESET after they had found Ebury on the server of a victim of cryptocurrency theft.

“Those suspicions turned out to be well-founded and with NHTCU’s assistance, ESET Research has gained considerable visibility into operations run by the Ebury threat actors,” the new ESET report indicated.

Marc-Etienne M. Léveillé, the ESET researcher who investigated Ebury for more than a decade, commented: “We have documented cases […] where the Ebury actors were able to compromise thousands of servers at once. There is no geographical boundary to Ebury; there are servers compromised with Ebury in almost all countries in the world. Whenever a hosting provider was compromised, it led to a vast number of compromised servers in the same data centers.

“At the same time, no verticals appear more targeted than others. Victims include universities, small and large enterprises, internet service providers, cryptocurrency traders, Tor exit nodes, shared hosting providers and dedicated server providers, to name a few.”

Ebury’s New Favorite Targets: Bitcoin and Ethereum Nodes

Despite the arrest, the Ebury group has continued running malicious campaigns, at least until late 2023.

The ESET report describes new methods used to propagate Ebury to new servers that appeared after 2021.

From its access to its target’s infrastructure, usually a hosting provider, the Ebury group can deploy several types of attacks.

In one of the most recent ones, the group uses an AitM attack to intercept SSH traffic of attractive targets inside data centers and redirect it to a server used to capture credentials.

See also  SEC to hold privacy and financial surveillance roundtable in December

The malicious actors leverage existing Ebury-compromised servers in the same network segment as their target to perform Address Resolution Protocol (ARP) spoofing. Among the targets are Bitcoin and Ethereum nodes. Ebury automatically steals cryptocurrency wallets hosted on the targeted server once the victim types the password to log into it.

ESET has observed that this method was used to target over 200 targets across over 75 networks in 34 countries between February 2022 and May 2023. 

This example not only illustrates one of Ebury’s latest attack techniques, but also one of the group’s newest vectors of monetization: cryptocurrency theft.

Additionally, the Ebury malware family itself has also been updated.

The new major version update, 1.8, first seen in late 2023, included new obfuscation techniques, a new domain generation algorithm (DGA) and improvements in the userland rootkit used by Ebury to hide itself from system administrators. When active, the process, the file, the socket and even the mapped memory are hidden.

2023, a Record-Breaking Year for Ebury

These shifts in the Ebury group’s infection and monetization methods seem to be bearing fruit, as the group’s activity significantly increased in 2023 compared to 2021.

“The perpetrators keep track of the systems they compromised, and we used that data to draw a timeline of the number of new servers added to the botnet each month,” the ESET researchers wrote.

August 2023 saw record-breaking activity from the group, with over 6000 compromised servers recorded that month.

Combined, about 400,000 servers have been compromised by Ebury since 2009, and more than 100,000 were still compromised as of late 2023.

See also  US: Man Gets 20 Years for $37m Crypto Heist
Botnet Crypto Diversify Ebury Financial Operators Theft
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

How Morgan Stanley plans to bring crypto custody, staking and lending support in-house

July 16, 2026

Bitcoin Banking Adoption Hits 32% Average as Major Banks and Financial Institutions Integrate

July 16, 2026

South Korea’s 8% stock crash set up a crypto rotation but Upbit volume rose just 4%

July 15, 2026

China’s Prosecutors Move To Treat Crypto Mixers As Evidence Of Money Laundering

July 15, 2026
Add A Comment
Leave A Reply Cancel Reply

Top Posts

Phantom pulls on-chain perps into the US wallet war ahead of July 9 deadline

July 10, 2026

Bitcoin eyes longest daily winning streak in 3 months

January 5, 2026

Stay ahead with the latest crypto news, market updates, blockchain insights, and trends. Your trusted source for everything happening in the digital asset world.


We're social. Connect with us:

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

How Morgan Stanley plans to bring crypto custody, staking and lending support in-house

July 16, 2026

Ethereum rallies as U.S. CPI inflation slows to 3.5% – Details

July 16, 2026

Kraken Pro Launches API Partner Program Supporting Specialized Integrations

July 16, 2026
Get Informed

Subscribe to Updates

Get the latest creative news From Free.cc directly in your Inbox!

  • Contact
  • Privacy Policy
  • Terms & Conditions
  • Disclosure
© 2026 free.cc - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.