A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry.
“The Dark Frost botnet, modeled on Gafgyt, QBot, Mirai, and other types of malware, has grown to include hundreds of compromised devices,” Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News.
Targets include gaming companies, game server hosting providers, online streamers, and even other members of the gaming community who interact directly with the threat actors.
As of February 2023, the botnet consists of 414 machines running various instruction set architectures such as ARMv4, x86, MIPSEL, MIPS, and ARM7.
Botnets typically consist of a wide network of compromised devices around the world. Operators tend to use enslaved hosts to mine cryptocurrencies, steal sensitive data, or leverage the collective internet bandwidth of these bots to take down websites and other internet servers by flooding the target with junk traffic.
Dark Frost represents the latest iteration of a botnet that appears to have been pieced together from stolen source code of various botnet malware families such as Mirai, Gafgyt, and QBot.
Akamai, which reverse engineered the botnet after flagging it on February 28, 2023, pegs its attack potential at around 629.28 Gbps via a UDP flood attack. The threat actor is believed to have been active since at least May 2022.
“What makes this particular case interesting is that the actor behind this attack has published live footage of their attack for all to see,” the web infrastructure company said.
“The actor bragged about their achievements on social media, used botnets for petty online discord, and even left digital signatures on their binary files.”
The adversaries have also set up Discord channels to facilitate attacks in exchange for money, which demonstrates their financial motivation and their plans to build the botnet into a DDoS-for-hire service.
Dark Frost is a modern example of how easy it is for novice cybercriminals with rudimentary coding skills to spring into action using readily available malware to cause significant damage to enterprises.
“The range these threat actors can have is astounding despite their lack of technique,” West said. “While not the most sophisticated or mind-bending adversary, the Dark Frost botnet has still managed to amass hundreds of compromised devices to do its bidding.”