A highly sophisticated botnet is believed to have infected hundreds of thousands of websites by attacking their underlying content management system (CMS) platforms.
Named KashmirBlack, the botnet started operating in November 2019.
Security researchers from Imperva —who analyzed the botnet last week in a two–part series— said the botnet’s primary purpose appears to be to infect websites and then use their servers for cryptocurrency mining, redirecting a site’s legitimate traffic to spam pages, and to a lesser degree, showing web defacements.
