<\/a><\/figure><\/div>\n\n\nThe threat actors use scheduled tasks created at several points in the infection chain to maintain persistence.<\/gwmw><\/p>\n\n\n\n
As of July 15, 2024, 8,453 clients were connected to rosettahome[.]cn and 1,579 clients to rosettahome[.]top. Interestingly, neither server had executed any tasks on the hosts, indicating that no BOINC communication protocols, such as tasks or computing, had been initiated.<\/p>\n\n\n\n
The BOINC Project Administrators and community are aware of the software’s misuse since June 26, 2024. Huntress experts also contacted the BOINC Project to inform them of their observations and tracking of these behaviors.<\/gwmw><\/p>\n\n\n\n
The report provides indicators of compromise along with Yara and Sigma rules.<\/p>\n\n\n\n