Akamai experts have discovered a new botnet, Dark Frost, that specializes in DDoS attacks against gaming industry companies. According to the experts, the botnet was stitched together from the source code of Gafgyt, QBot, Mirai, and other similar malware. As of February 2023, the botnet included 414 machines with various architectures, including ARMv4, x86, MIPSEL, MIPS, and ARM7. The malware is believed to have been active since at least May 2022.
The botnet operator's targets include gaming companies, game server hosting providers, online streamers, and other members of the gaming community with whom the attacker interacted and had conflicts. Akamai, which reverse-engineered the botnet, estimates its potential at around 629.28 Gbps through a UDP flood attack.
The attacker posted live recordings of their attacks on social media, used the botnet in small online disputes, and even left digital signatures in a binary file. They also created a Discord channel to facilitate ransomware attacks and stated that they intend to turn Dark Frost into a DDoS-for-hire service.
Experts say that Dark Frost is a prime example of how easily novice cybercriminals with basic programming skills can cause significant damage to businesses using already available malware.