Researchers Uncover 'Pink' Botnet Malware That Infected Over 1.6 Million Devices (Security News, November 2021)
Cybersecurity researchers disclosed details of what they describe as the "largest botnet" observed in the wild in the last six years. It infected more than 1.6 million devices, primarily located in China, and was used to launch distributed denial-of-service (DDoS) attacks and to inject advertisements into unencrypted HTTP web pages visited by unsuspecting users.
Mainly targeting MIPS-based fiber routers, the botnet uses a combination of third-party services such as GitHub, peer-to-peer networks, and central command-and-control servers for bot-to-controller communications, and it fully encrypts those channels so that the infected devices cannot be hijacked by a third party.
"Pink raced with the vendor to retain control over the infected devices, while the vendor made repeated attempts to fix the problem; the bot master noticed the vendor's actions in real time and made multiple firmware updates on the fiber routers correspondingly," the researchers said in an analysis published last week, following coordinated action taken by the unspecified vendor and China's Computer Network Emergency Response Technical Team/Coordination Center (CNCERT/CC).
More than 96% of the zombie nodes that made up the "super-large-scale bot network" were located in China, Beijing-based cybersecurity company NSFOCUS noted in an independent report. The threat actor broke into the devices and installed the malware by exploiting zero-day vulnerabilities in the network gateway devices.
Although a significant share of the infected devices had been repaired and restored to their previous state as of July 2020, the botnet is still said to be active, comprising about 100,000 nodes.
"Although Pink is the largest botnet ever discovered, it will never be the last one."