An ongoing analysis of the KmsdBot botnet has raised the possibility that it’s a DDoS-for-hire service offered to other threat actors.
This assessment is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Notable targets included FiveM and RedM, which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well as luxury brands and security firms.
KmsdBot is Go-based malware that leverages SSH to infect systems and carries out activities such as cryptocurrency mining and launching commands over TCP and UDP to mount distributed denial-of-service (DDoS) attacks.
However, a lack of an error-checking mechanism in the malware source code caused the criminal operators to inadvertently crash their own botnet last month.
“Based on observed IPs and domains, the majority of the victims are located in Asia, North America, and Europe,” Akamai researchers Larry W. Cashdollar and Allen West said. “The presence of these commands tracks with previous observations of targeted gaming servers and offers a glimpse into the customers of this botnet for hire.”