Keksec Cybergang Debuts Simps Botnet for Gaming DDoS

2021-05-19 16:53

A recently developed botnet named "Simps" has emerged from the cyber-underground to carry out distributed denial-of-service attacks on gaming targets and others, using internet of things nodes.

According to the Uptycs' threat research team, Simps was first seen in April being dropped on IoT devices by the Gafgyt botnet.

Simps itself then uses Mirai and Gafgyt modules for DDoS functionality, according to the analysis, released on Wednesday.

It's constantly adding to its arsenal; in January, it was seen deploying the FreakOut Linux botnet malware, which does port scanning, information gathering, and data packet and network sniffing, along with DDoS and cryptomining.

As evidence for Simps attribution, Uptycs discovered that one of the Discord messages contained a Gafgyt malware sample that contained an "Infected By Simps Botnet ;)" message.

In the case of Simps, the binaries notably contain modules for launching DDoS attacks against gaming platforms like the Valve Source Engine and OVH. These were also seen in a variant of Gafgyt used by Keksec that targeted Huawei and Asus routers and killed its rival IoT botnets.

News URL

https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/

#botnet #ddos