First discovered in 2014, Gafgyt (also known as Bashlite) generally targets vulnerable IoT devices such as Huawei routers, Realtek routers, and ASUS devices, and also uses exploits to break into and access computers. According to the researchers, Gafgyt variants function very similarly to Mirai, since most of the code was copied.

Features of the Gafgyt botnet

Meanwhile, Uptycs discovered that the latest versions of Gafgyt contain new approaches to achieving the initial compromise of IoT devices. This is the first step in turning infected devices into bots that then carry out DDoS attacks on specific IP addresses. The new approaches include a module copied from Mirai for Telnet brute force and additional exploits for existing vulnerabilities on Huawei, Realtek and GPON devices.

Recent versions of Gafgyt also incorporate a brute-force Telnet scanner, copied from Mirai, as well as the GPON exploit (CVE-2018-10561), which is used to bypass authentication on vulnerable Dasan GPON routers.

IoT botnets like Gafgyt are constantly evolving. For example, researchers in March discovered what they said is the first variant of the Gafgyt botnet family that hides its activity using the Tor network. Botnets are thus a threat that should not be ignored.

“Malware authors may not always innovate, and researchers often find that malware authors copy and reuse leaked malware source code,” Uptycs said. To prevent such attacks, users should regularly monitor suspicious processes, events, and network traffic generated by running any untrusted binaries, and keep systems and firmware up to date with the latest versions and patches. Remember that you can never be prepared enough.
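
The network-monitoring advice above maps directly onto the Mirai-derived Telnet scanner: a compromised device appears as one internal source opening Telnet connections to many distinct addresses within a short window. The following is an added example, not code from Uptycs or from this article; the log format, the thresholds, port 2323 and every address in the sample are constructed assumptions.

```python
from collections import defaultdict, deque

TELNET_PORTS = {23, 2323}   # assumption: 2323 is an alternate Telnet port such scanners also probe
WINDOW_SECONDS = 60         # assumed threshold, tune to your own baseline
MIN_DISTINCT_DESTS = 5      # assumed threshold

def parse_line(line):
    """Parse 'epoch src dst dport' (constructed format); None if malformed."""
    parts = line.split()
    try:
        ts, src, dst, dport = parts
        return int(ts), src, dst, int(dport)
    except ValueError:      # wrong field count or non-numeric field
        return None

def find_telnet_scanners(lines, window=WINDOW_SECONDS, min_dests=MIN_DISTINCT_DESTS):
    """Map each flagged source to its peak count of distinct Telnet destinations per window."""
    recent = defaultdict(deque)   # src -> (ts, dst) events still inside the window
    flagged = {}
    for ts, src, dst, dport in sorted(r for r in map(parse_line, lines) if r):
        if dport not in TELNET_PORTS:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # expire events older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_dests:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

# Constructed sample flow log: .50 fans out fast, .10 reuses one host, .20 is slow.
SAMPLE_LOG = """\
1618300000 192.168.1.50 203.0.113.7 23
1618300002 192.168.1.10 192.168.1.1 23
1618300004 192.168.1.50 203.0.113.8 23
1618300005 192.168.1.50 198.51.100.20 2323
1618300009 192.168.1.50 198.51.100.21 23
1618300010 192.168.1.30 192.0.2.10 443
1618300012 192.168.1.50 203.0.113.9 23
1618300015 192.168.1.50 198.51.100.22 23
1618300020 192.168.1.10 192.168.1.1 23
1618300100 192.168.1.20 203.0.113.40 23
1618300220 192.168.1.20 203.0.113.41 23
1618300340 192.168.1.20 203.0.113.42 23
truncated line
""".splitlines()

if __name__ == "__main__":
    print(find_telnet_scanners(SAMPLE_LOG))
```

A slow scanner such as the `.20` host in the sample stays under the default window, so a longer window with a lower threshold is worth running as a second pass.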
