Qihoo 360 researchers have discovered a gigantic new botnet capable of launching more than 100 attacks per day.
The threat actor targets devices such as routers, DVRs, and servers with malware known as Fodcha. In less than a month, researchers found that threat actors managed to infect more than 62,000 devices with Fodcha malware.
At any given time, around 10 devices are used to launch Distributed Denial of Service (DDoS) attacks, using the services of China Unicom (000%) and China Telecom (59%).
It targets hundreds of victims daily
"Based on direct data from the security community we work with, the number of daily live bots exceeds 56,000," the researchers said. "The global infection seems quite large because in China alone there are more than 10,000 active bots (IPs) daily and also more than 100 DDoS victims attacked daily."
To compromise endpoints, attackers use a number of exploits that take advantage of n-day vulnerabilities in devices and services, including Android ADB Debug Server RCE, Realtek Jungle SDK, TOTOLINK routers, ZHONE routers, and others.
Additionally, the botnet targets MIPS, MPSL, ARM, x86, and other CPU architectures.
The initial domain used for command and control (C2), dubbed[.]en, was shut down by the vendor on March 19, the researchers added. After that, the threat actors migrated to fridgeexperts.[.]CC.
"The change from v1 to v2 is due to the fact that their cloud provider stopped the C2 servers corresponding to the v1 version, so the Fodcha operators had no choice but to relaunch v2 and update C2," the researchers said.
"The new C2 is assigned to more than a dozen IP addresses and is distributed in several countries, including the United States, Korea, Japan and India, involving more cloud providers such as Amazon, DediPath, DigitalOcean, Linode and many more."
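Because the report's most actionable detail for a network defender is the C2 domain change, the following added example (not code from the article or from the 360 researchers) shows one way to hunt for infected routers, DVRs or servers on your own network: take a list of defanged C2 indicators, refang them, and match them against DNS resolver logs so that the source IPs that resolved those names can be isolated and re-imaged. The log lines, the indicator list and the domain `fodcha-c2-placeholder[.]example` are constructed placeholders; substitute the defanged domains from the report or your threat-intelligence feed.

```python
import re
from collections import defaultdict

# Constructed indicator list. The placeholder stands in for the defanged Fodcha C2
# domains named in the report; it is not a real indicator.
C2_INDICATORS = [
    "fodcha-c2-placeholder[.]example",
    "Another-C2[.]example",          # mixed case on purpose: matching must be case-insensitive
]

# Constructed dnsmasq-style resolver log excerpt (not real traffic).
SAMPLE_LOG = """\
Apr 13 10:01:02 resolver dnsmasq[123]: query[A] fodcha-c2-placeholder.example from 192.168.10.24
Apr 13 10:01:03 resolver dnsmasq[123]: query[A] update.vendor-cdn.example from 192.168.10.24
Apr 13 10:02:11 resolver dnsmasq[123]: query[A] sub.fodcha-c2-placeholder.example from 192.168.10.51
Apr 13 10:03:44 resolver dnsmasq[123]: query[AAAA] another-c2.example from 192.168.10.9
Apr 13 10:04:00 resolver dnsmasq[123]: query[A] fodcha-c2-placeholder.example from 192.168.10.24
"""

# One dnsmasq query line: record type, queried name, and the client that asked.
QUERY_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<qname>\S+) from (?P<src>\S+)")


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'evil[.]example' into a comparable FQDN.

    Threat-intel feeds defang domains so they cannot be clicked; logs contain the
    real form, so both sides are normalised to lower-case without a trailing dot.
    """
    return (
        indicator.replace("[.]", ".")
        .replace("(.)", ".")
        .strip()
        .lower()
        .rstrip(".")
    )


def matches_indicator(qname: str, indicators: set) -> bool:
    """True if qname is an indicator or a subdomain of one (bots often use subdomains)."""
    qname = qname.lower().rstrip(".")
    return any(qname == d or qname.endswith("." + d) for d in indicators)


def find_c2_lookups(log_text: str, indicators: list) -> dict:
    """Map each client IP that resolved a C2 name to the sorted set of names it asked for.

    The returned IPs are candidate infected hosts to isolate, not proof of compromise;
    confirm on the device before re-imaging.
    """
    wanted = {refang(i) for i in indicators}
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m is None:
            continue  # not a query line (cached/forwarded/reply lines are ignored)
        if matches_indicator(m["qname"], wanted):
            hits[m["src"]].add(m["qname"].lower().rstrip("."))
    return {src: sorted(names) for src, names in hits.items()}


if __name__ == "__main__":
    for src, names in sorted(find_c2_lookups(SAMPLE_LOG, C2_INDICATORS).items()):
        print(f"{src} resolved suspected C2 name(s): {', '.join(names)}")
```

Run it against an export of your resolver logs instead of `SAMPLE_LOG`; when the operators move C2 again, as the report describes, only the indicator list needs updating.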