A new botnet dubbed Dark Frost has been seen launching distributed denial-of-service (DDoS) attacks against the gaming sector. “The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices,” Allen West, a security researcher at Akamai, said in a recent technical analysis.
Targets include gaming businesses, game server hosting providers, online streamers, and even other gamers with whom the threat actor has had direct contact. As of February 2023, the botnet consists of 414 computers spanning several instruction set architectures, including ARMv4, x86, MIPSEL, MIPS, and ARM7.
Botnets often consist of a sizable global network of infected devices. Their operators typically use the captive hosts to mine cryptocurrencies, steal confidential information, or combine the bots' internet bandwidth to overwhelm rival websites and internet servers with unwanted traffic, bringing them down. Dark Frost is the latest example of a botnet that appears to have been put together using stolen source code from several botnet malware strains, including Mirai, Gafgyt, and QBot.
Akamai, which flagged the botnet on February 28, 2023, and reverse-engineered it, estimated its attack potential at 629.28 Gbps using a UDP flood attack. The threat actor is thought to have been operating since at least May 2022. The establishment of a Discord channel to facilitate attacks in exchange for money is further evidence of the adversary's financial motives and ambitions to develop the botnet into a DDoS-for-hire service.
The web infrastructure company added that what makes this specific case intriguing is that the perpetrator of these attacks has made live footage of their attacks available for public viewing. The actor was seen using the botnet for small-scale online conflicts, bragging about their accomplishments on social media, and even adding digital signatures to their binary files.
Dark Frost serves as a contemporary illustration of how simple it is for inexperienced hackers to use pre-existing malware to cause serious harm to businesses. According to West, although their methods are not very unique, the reach that these threat actors may have is astounding. Even if it is not the most sophisticated or cunning foe, the Dark Frost botnet has amassed hundreds of compromised machines to carry out its orders.