First discovered in 2014, Gafgyt (also known as Bashlite) generally targets vulnerable IoT devices such as Huawei routers, Realtek routers, and ASUS devices, and also uses exploits to compromise and access computers. According to the researchers, the Gafgyt malware variants have very similar functionality to Mirai, since most of the code was copied.
Features of the Gafgyt botnet
Meanwhile, Uptycs discovered that the latest versions of Gafgyt contain new approaches to achieving the initial compromise of IoT devices. This is the first step in turning infected devices into bots that then carry out DDoS attacks on specific IP addresses. These approaches include a module copied from Mirai for Telnet brute force and additional exploits for existing vulnerabilities in Huawei, Realtek and GPON devices.
Recent versions of Gafgyt also incorporate a brute-force Telnet scanner, copied from Mirai, as well as the GPON exploit (CVE-2018-10561), which is used to bypass authentication on vulnerable Dasan GPON routers.
IoT botnets like Gafgyt are constantly evolving. For example, researchers in March discovered what they said is the first variant of the Gafgyt botnet family that hides its activity using the Tor network. Botnets are therefore a threat that should not be ignored.
“Malware authors may not always innovate, and researchers often find that malware authors copy and reuse leaked malware source code,” Uptycs said. To prevent such attacks, users should regularly monitor suspicious processes, events, and network traffic generated by running any untrusted binaries, and keep systems and firmware up-to-date with the latest versions and patches. Remember that you can never be prepared enough.
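The advice to monitor network traffic can be made concrete for the Telnet brute-force scanner that Gafgyt copied from Mirai: a device running it opens Telnet connections to many different hosts in a short time. The Python sketch below is an added example, not code from Uptycs or from the original article; the flow-record format, the addresses, the 60-second window and the threshold of 20 destinations are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_flows():
    """Constructed flow records 'timestamp src dst dst_port' (not real traffic)."""
    rows = []
    for i in range(30):
        ts = f"2021-04-01T10:00:{i:02d}"
        # IP camera sweeping a new Telnet target every second (scanner-like).
        rows.append(f"{ts} 192.168.1.50 203.0.113.{i + 1} 23")
        # Workstation browsing over HTTPS: many destinations, wrong port.
        rows.append(f"{ts} 192.168.1.30 198.51.100.{i + 1} 443")
        if i % 5 == 0:
            # Admin reconnecting to one switch over Telnet: a single target.
            rows.append(f"{ts} 192.168.1.20 192.168.1.1 23")
    return rows


def find_telnet_scanners(lines, ports=(23,), window=timedelta(seconds=60),
                         threshold=20):
    """Return {src: peak distinct Telnet destinations seen inside `window`}
    for every source that reaches `threshold` distinct destinations."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    flagged = {}
    for line in sorted(lines):   # ISO 8601 timestamps sort chronologically
        ts_text, src, dst, port = line.split()
        if int(port) not in ports:
            continue
        ts = datetime.fromisoformat(ts_text)
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:   # expire entries older than window
            seen.popleft()
        distinct = len({d for _, d in seen})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, count in find_telnet_scanners(sample_flows()).items():
        print(f"{src}: {count} distinct Telnet destinations within 60 s")
```

Counting distinct destinations rather than total connections keeps an administrator who repeatedly logs in to one device from being flagged alongside a scanning bot.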