Researchers have uncovered a new variant of Gafgyt malware (aka BASHLITE) that infects home and small-office routers and networking equipment in order to recruit them into a botnet that bombards gaming servers with distributed denial of service attacks. One of its attacks involves a payload is specifically designed to attack servers running Valve Corporation's Source video game engine.

Discovered last month by the Palo Alto Networks Unit 42 threat intelligence team, the new variant appears to be a modification of a previous variant called JenX. Like JenX, it can infect the Huawei HG532 model router and Realtek RTL81XX network drivers, but it also has the newly added capability of compromising the Zyxel P660HN-T1A.

The new Gafgyt variant finds these vulnerable Linux-based devices using online scanners and then recruits the equipment into their botnet by leveraging remote code execution exploits that pull binary code from a malicious server using the computer program wget. This binary forms a connection between the device and the C2 server, so the device can send IP address and architecture information about itself and the server can reply with a command to join the botnet and commence DDoS attacks.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.