Safe Breach Labs cybersecurity experts: The threat actor infects victims via Farsi phishing emails with a PowerShell stealer malware.
Uptycs: The Gafgyt botnet exploits Mirai code. The Linux malware, aka Bashlite, mainly targets vulnerable IoT devices and reuses some modules from the old botnet
Gafgyt exploits Mirai code. It has been discovered by Uptycs cybersecurity experts. The Linux botnet, aka Bashlite, is a prominent malware family, which mainly targets vulnerable IoT devices. The objective is to turn them into bots, so to perform DDoS attacks on specifically targeted IP addresses. The malicious code also uses some of the existing exploits (CVE-2017-17215, CVE-2018-10561) to download the next stage payloads. Several variants of Gafgyt have re-used some code modules from the Mirai source code. The modules are:
- HTTP flooding;
- UDP flooding;
- TCP flooding;
- STD module;
- Telnet Bruteforce.