Palo Alto Networks researchers discovered a new version of the Gafgyt botnet targeting home and small office wireless routers, including Zyxel and Huawei routers, as well as devices built on the Realtek RTL81xx chipset.
According to the experts, crooks are using the
“In September 2019, during the proactive IoT threat-hunting process conducted daily by the Unit 42 (formerly Zingbox security research) team, we discovered an updated Gafgyt variant attempting to infect IoT devices; specifically small office/home wireless routers of known commercial brands like Zyxel, Huawei, and Realtek.” reads the analysis published by Palo Alto Networks. “This Gafgyt variant is a competing botnet to the JenX botnet, which also uses remote code execution exploits to gain access and recruit routers into botnets to attack gaming servers – most notably those running the Valve Source engine – and cause a Denial of Service (DoS).”
Experts from Palo Alto Networks’ Unit 42 pointed out that two of the three exploits included in the new Gafgyt variant were also present in JenX:
All the flaws are old, which means that attackers aim
Querying the Shodan search engine for vulnerable devices, the experts obtained 32,000 results.
The new Gafgyt variant can run multiple types of
“This payload is widely used to cause a Distributed reflection Denial of Service (DrDoS), which involves multiple victim machines that unwittingly participate in a DDoS attack.” continues the analysis. “The Source Engine Query is part of routine communications between clients and game servers using Valve software protocols. Requests to victim host machines are redirected, or reflected, from the victim hosts to the target. As a consequence, they also elicit an amplified amount of attack traffic, causing a
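The reflection mechanism described in the quote above can be recognised on the wire. The following is an added example and is not code from the Unit 42 analysis or from the Gafgyt sample: it classifies UDP payloads as Source Engine Query (A2S_INFO) requests or responses using the publicly documented Valve query protocol (a 0xFFFFFFFF header, a type byte, and the string "Source Engine Query"), then flags any source address that sends such queries to many distinct game servers in a short capture, which is the signature of a spoofed victim address being used for reflection. The IP addresses, server names and packet list are constructed for the example; `find_reflection_sources`, `classify_a2s` and the `min_targets` threshold are names chosen here, not part of any tool.

```python
import struct
from collections import defaultdict

# Valve's publicly documented A2S_INFO request: 4-byte 0xFFFFFFFF header,
# type byte 'T', then the NUL-terminated string "Source Engine Query" (25 bytes).
A2S_HEADER = b"\xff\xff\xff\xff"
A2S_INFO_REQUEST = A2S_HEADER + b"T" + b"Source Engine Query\x00"
A2S_INFO_RESPONSE_TYPE = 0x49  # 'I' type byte on the server's reply


def classify_a2s(payload):
    """Return 'query', 'response', or None for a UDP payload."""
    if len(payload) < 5 or not payload.startswith(A2S_HEADER):
        return None
    if payload.startswith(A2S_INFO_REQUEST):
        return "query"
    if payload[4] == A2S_INFO_RESPONSE_TYPE:
        return "response"
    return None


def build_a2s_info_response(name, game_map, folder, game, app_id=240,
                            players=12, max_players=32, version="1.37.6.4"):
    """Build a plausible A2S_INFO reply (constructed sample, field layout per Valve docs)."""
    body = bytes([0x11])  # protocol version byte
    for s in (name, game_map, folder, game):
        body += s.encode() + b"\x00"
    # app id, players, max players, bots, server type, environment, visibility, VAC
    body += struct.pack("<HBBBccBB", app_id, players, max_players, 0, b"d", b"l", 0, 1)
    body += version.encode() + b"\x00"
    return A2S_HEADER + b"I" + body


def amplification_factor(query, response):
    """Bytes the reflector sends to the victim per byte the attacker sends."""
    return len(response) / len(query)


def find_reflection_sources(packets, min_targets=3):
    """packets: iterable of (src_ip, dst_ip, dst_port, payload).

    A legitimate client queries one or two servers; a spoofed victim address
    shows up as the 'source' of queries to many distinct servers. Returns the
    flagged source addresses with the servers they were seen querying.
    """
    targets = defaultdict(set)
    for src, dst, dport, payload in packets:
        if classify_a2s(payload) == "query":
            targets[src].add((dst, dport))
    return {src: sorted(t) for src, t in targets.items() if len(t) >= min_targets}


# Constructed sample traffic (documentation-range addresses, not real hosts).
SAMPLE_RESPONSE = build_a2s_info_response(
    "Constructed CS:S Server", "de_dust2", "cstrike", "Counter-Strike: Source")

SAMPLE_PACKETS = [
    ("198.51.100.7", "203.0.113.10", 27015, A2S_INFO_REQUEST),   # ordinary client
    ("192.0.2.1", "203.0.113.10", 27015, A2S_INFO_REQUEST),      # spoofed victim address
    ("192.0.2.1", "203.0.113.11", 27015, A2S_INFO_REQUEST),
    ("192.0.2.1", "203.0.113.12", 27016, A2S_INFO_REQUEST),
    ("192.0.2.1", "203.0.113.13", 27015, A2S_INFO_REQUEST),
    ("203.0.113.10", "192.0.2.1", 27015, SAMPLE_RESPONSE),       # reply reflected to victim
    ("203.0.113.99", "192.0.2.1", 27015, A2S_HEADER + b"Vsteam"),  # unrelated A2S type
]

if __name__ == "__main__":
    for src, servers in find_reflection_sources(SAMPLE_PACKETS).items():
        print(f"{src} queried {len(servers)} distinct servers: likely reflection victim")
    print("amplification factor: %.2f" % amplification_factor(A2S_INFO_REQUEST, SAMPLE_RESPONSE))
```

On a sensor this check belongs at the game-server side (many queries "from" one address that never completes a normal client exchange) or at the victim's edge (a flood of 'I' responses to a host that sent no queries). The amplification factor for the constructed reply is modest, which matches the quote's point that the damage comes from the number of reflecting servers rather than from a huge per-packet gain.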
Experts discovered that the new Gafgyt bot also attempts to deactivate any competing bot installed on the target machine by searching for binary names and keywords associated with other IoT bots, including Mirai, JenX, Hakai, Miori, and Satori.
Experts also provided some data related to hit-and-run DDoS services available online and
The price ranges between $8 and $150 USD.
“Wireless routers are widely used in all industries, making them common targets of these types of attacks and we’re constantly looking for new malware against which we can protect our customers. The diversity of hosts attacked by