Researchers from Qihoo 360 have discovered a brand new, gargantuan botnet, capable of launching more than 100 attacks every single day.
The threat actor is targeting devices such as routers, DVRs, and servers with malware known as Fodcha. In less than a month, the researchers have discovered, the threat actors managed to infect more than 62,000 devices with the Fodcha malware.
At every point in time, roughly 10,000 devices are being used to launch Distributed Denial of Service (DDoS) attacks, using the services of China Unicom (59%) and China Telecom (39%).
Targeting hundreds of victims daily
"Based on direct data from the security community that we worked with, the number of daily live bots are more than 56000," the researchers allegedly said. "The global infection looks fairly big as just in China there are more than 10,000 daily active bots (IPs) and also more than 100 DDoS victims being targeted on a daily basis."
To compromise the endpoints, the attackers are using a slew of exploits that abuse n-day vulnerabilities in devices and services including Android ADB Debug Server RCE, Realtek Jungle SDK, TOTOLINK Routers, ZHONE Routers, and others.
Furthermore, the botnet targets MIPS, MPSL, ARM, x86, and other CPU architectures.
The initial domain used for command-and-control (C2), folded[.]in, was shut down by the vendor, on March 19, the researchers further said. After that, the threat actors migrated to fridgexperts[.]cc.
"The shift from v1 to v2 is due to the fact that the C2 servers corresponding to the v1 version were shutdown by a their cloud vendor, so Fodcha's operators had no choice but to re-launch v2 and update C2," the researchers said.
"The new C2 is mapped to more than a dozen IPs and is distributed across multiple countries including the US, Korea, Japan, and India, it involves more cloud providers such as Amazon, DediPath, DigitalOcean, Linode, and many others."
Via: BleepingComputer