DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms

2022-01-19 20:23

An IRC bot strain programmed in GoLang is being used to launch distributed denial-of-service attacks targeting users in Korea.

"Additionally, the DDoS malware was installed via downloader and UDP RAT was used."

The attack works by uploading the malware-laced games to webhards, which refers to a web hard drive or a remote file hosting service, in the form of compressed ZIP archives that, when opened, includes an executable that's orchestrated to run a malware payload aside from launching the actual game.

This payload, a GoLang-based downloader, establishes connections with a remote command-and-control server to retrieve additional malware, including an IRC bot that can perform DDoS attacks.

"It is also a type of DDoS Bot malware, but it uses IRC protocols to communicate with the C&C server," the researchers detailed.

"The malware is being distributed actively via file sharing websites such as Korean webhards," AhnLab said.

News URL

https://thehackernews.com/2022/01/ddos-irc-bot-malware-spreading-through.html

#BOT #ddos #malware