Security News > 2021 > March > D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network.
In order to evade detection, Gafgyt_tor uses Tor to hide its command-and-control communications, and encrypts sensitive strings in the samples.
"Compared with other Gafgyt variants, the biggest change of Gafgyt_tor is that the C2 communication is based on Tor, which increases the difficulty of detection and blocking," said researchers with NetLab 360 on Thursday.
"After initializing the proxy list, the sample will select a random node from the list to enable Tor communication via tor_retrieve_addr and tor_retrieve_port," said researchers.
"The core function of Gafgyt_tor is still DDoS attacks and scanning, so it mostly follows the common Gafgyt directive," said researchers.
In 2019, researchers warned of a new Gafgyt variant adding vulnerable IoT devices to its botnet arsenal and using them to cripple gaming servers worldwide.
News URL
https://threatpost.com/d-link-iot-tor-gafgyt-variant/164529/