New Malware Campaigns Turn Network Devices Into DDoS Nodes and Crypto-Mining Bots

Another blow to network security. Two new types of malware have appeared that can quietly turn routers, IoT devices, and enterprise network equipment into tools for large-scale distributed denial-of-service (DDoS) attacks and cryptocurrency mining. These campaigns show that threat actors are using the network infrastructure that businesses rely on every day in a very different way.

On March 6, 2026, security researchers got their hands on new samples of two types of malware that had never been seen before. The first one, called CondiBot, is a DDoS botnet based on the well-known Mirai framework. It is meant to infect Linux-based network devices and turn them into nodes that can be controlled from afar and flood targeted systems with a lot of traffic. All devices that connect to the internet should have strong, unique SSH credentials and default passwords turned off.

You should use firmware integrity monitoring on routers, firewalls, and IoT devices. Patches should be applied as soon as possible because exploit timelines can be as short as zero days. It is also a good idea to keep an eye on network appliances for strange outbound traffic and unexpected processes.

Set ZeroOwl as your preferred source in Google to get more instant updates on Facebook, Twitter, and LinkedIn.