DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms

1 year ago 123

An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea.

"The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader and UDP RAT was used."

Automatic GitHub Backups

The attack works by uploading the malware-laced games to webhards, which refers to a web hard drive or a remote file hosting service, in the form of compressed ZIP archives that, when opened, includes an executable ("Game_Open.exe") that's orchestrated to run a malware payload aside from launching the actual game.

DDoS IRC Bot Malware

This payload, a GoLang-based downloader, establishes connections with a remote command-and-control (C&C) server to retrieve additional malware, including an IRC bot that can perform DDoS attacks.

DDoS IRC Bot Malware

"It is also a type of DDoS Bot malware, but it uses IRC protocols to communicate with the C&C server," the researchers detailed. "Unlike UDP Rat that only supported UDP Flooding attacks, it can also support attacks such as Slowloris, Goldeneye, and Hulk DDoS."

Prevent Data Breaches

GoLang's low development difficulties and its cross-platform support have made the programming language a popular choice for threat actors, the researchers added.

"The malware is being distributed actively via file sharing websites such as Korean webhards," AhnLab said. "As such, caution is advised when approaching executables downloaded from a file-sharing website. It is recommend[ed] for the users to download products from the official websites of developers."

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Read Entire Article