Gorilla Botnet Strikes with Over 300,000 DDoS Attacks in 100 Countries

New Botnet Malware “Gorilla” Unleashed: A Variant of Mirai Source Code

A new botnet malware family, GorillaBot, has emerged as a significant threat. Built from the leaked source code of the infamous Mirai botnet, it has issued over 300,000 attack commands in just a few weeks.

The cybersecurity firm NSFOCUS has been tracking the activities of GorillaBot since last month and has found that the botnet has been launching distributed denial-of-service (DDoS) attacks at an alarming rate. With an average of 20,000 attack commands being issued every day, the botnet has targeted a wide range of sectors including universities, government websites, banks, and gaming platforms in over 100 countries.

The primary weapons in GorillaBot’s arsenal are UDP flood, ACK BYPASS flood, Valve Source Engine (VSE) flood, SYN flood, and ACK flood attacks. These methods let the botnet generate massive traffic volumes: because UDP is connectionless, the bots can send packets with arbitrary spoofed source IP addresses.

What makes GorillaBot even more dangerous is its ability to exploit a security flaw in Apache Hadoop YARN RPC for remote code execution. This flaw has been exploited in the wild since 2021, and its inclusion shows that the botnet's capabilities go beyond those of the original Mirai code.

To maintain control over infected devices, GorillaBot uses encryption algorithms commonly employed by the Keksec group and employs multiple techniques to avoid detection. With capabilities to support multiple CPU architectures and connect to predefined command-and-control servers, GorillaBot is proving to be a formidable adversary in the cybersecurity landscape.
