Researchers report massive upgrade to Fodcha DDoS botnet

BleepingComputer reports that researchers have discovered a new version of the Fodcha DDoS botnet, featuring upgrades to deter analysis by security researchers and the ability to inject ransom demands into packets. The researchers at 360Netlab who discovered the botnet in April 2022 said it has steadily been receiving upgrades over time and its current version 4 is now targeting 1,000 victims daily on average, compared with 100 per day in April, and operates 60,000 active bot nodes per day supported by 42 C2 domains, allowing it to generate up to 1Tbps of destructive traffic. The botnet achieved a new peak on Oct. 11, 2022, in which it attacked 1,396 targets, and currently has a global reach with targets infected in Brazil, Canada, Japan and Australia. According to researchers, operators are now also able to embed ransom demands in the Data portion of Fodchas DDoS packets, informing victims that they seek payment of 10 XMR or Monero worth around $1,500 in exchange for stopping the attacks.