New Mirai-Based 'Gayfemboy' Botnet Launches Widespread DDoS Attacks
A new Mirai-based botnet, dubbed 'gayfemboy', has been discovered exploiting zero-day vulnerabilities to spread rapidly. Since February 2024, it has been launching DDoS attacks, with peak activity in late 2023.
The 'gayfemboy' botnet employs more than 20 vulnerabilities and weak Telnet passwords to infect systems. It has targeted hundreds of victims daily across various sectors in China, the US, Germany, the UK, and Singapore. Researchers have observed around 15,000 active IPs, predominantly located in China, Russia, the US, Iran, and Turkey.
The botnet exploits a zero-day bug in Four-Faith industrial routers (CVE-2024-12856) and previously unseen vulnerabilities in Neterbit routers and Vimar smart home devices. It incorporates n-day and zero-day vulnerability exploitation to aid its expansion. Most active IP addresses belong to Vietnam.
Researchers from XLab discovered the botnet but were forced to stop resolving its command-and-control (C2) domain name because they lacked a DDoS mitigation service. After the researchers registered C2 domain names for analysis, the botnet herders targeted the researchers' VPS.
The 'gayfemboy' botnet poses a significant threat due to its use of zero-day exploits and rapid expansion. With peak activity in late 2023 and ongoing DDoS attacks since February 2024, it has targeted a wide range of sectors and regions. Further research and mitigation efforts are needed to combat this threat.