New Fodcha DDoS botnet targets over 100 victims every day
A rapidly growing botnet is ensnaring routers, DVRs, and servers across the Internet to target more than 100 victims every day in distributed denial-of-service attacks.
The number of unique IP addresses linked to the botnet also oscillates, with 360 Netlab saying that they're tracking a 10,000-strong Fodcha army of bots using Chinese IP addresses every day, most of them using the services of China Unicom and China Telecom.
"The global infection looks fairly big as just in China there are more than 10,000 daily active bots and also more than 100 DDoS victims being targeted on a daily basis."
Fodcha infects new devices using exploits designed to abuse n-day vulnerabilities in multiple devices and a brute-force cracking tool dubbed Crazyfia.
Fodcha operators use Crazyfia scan results to deploy malware payloads on vulnerable Internet-exposed devices after successfully gaining access to them.
"The new C2 is mapped to more than a dozen IPs and is distributed across multiple countries including the US, Korea, Japan, and India, it involves more cloud providers such as Amazon, DediPath, DigitalOcean, Linode, and many others."