An IRC (Internet Relay Chat) bot pressure programmed in GoLang is remaining employed to start distributed denial-of-services (DDoS) attacks focusing on customers in Korea.
“The malware is getting distributed underneath the guise of grownup video games,” scientists from AhnLab’s Security Emergency-reaction Middle (ASEC) explained in a new report printed on Wednesday. “On top of that, the DDoS malware was installed via downloader and UDP RAT was used.”
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
The attack works by uploading the malware-laced game titles to webhards, which refers to a web really hard push or a remote file hosting services, in the form of compressed ZIP archives that, when opened, incorporates an executable (“Sport_Open up.exe”) that’s orchestrated to operate a malware payload aside from launching the actual sport.
This payload, a GoLang-primarily based downloader, establishes connections with a distant command-and-management (C&C) server to retrieve extra malware, including an IRC bot that can execute DDoS attacks.
“It is also a form of DDoS Bot malware, but it employs IRC protocols to converse with the C&C server,” the researchers in depth. “Not like UDP Rat that only supported UDP Flooding attacks, it can also support attacks this sort of as Slowloris, Goldeneye, and Hulk DDoS.”
GoLang’s reduced improvement troubles and its cross-platform assistance have made the programming language a well-known option for danger actors, the scientists extra.
“The malware is becoming dispersed actively by way of file sharing websites this kind of as Korean webhards,” AhnLab mentioned. “As these kinds of, caution is encouraged when approaching executables downloaded from a file-sharing site. It is advocate[ed] for the people to download solutions from the official web sites of developers.”
Observed this report attention-grabbing? Stick to THN on Fb, Twitter and LinkedIn to study far more unique articles we put up.
Some components of this article are sourced from: