DDoSia Malware Updated, Adding Encryption

According to cybersecurity company Sekoia, the creators of the DDoSia attack tool have introduced a new version that incorporates a different method for obtaining the list of targets to be bombarded with junk HTTP requests. The updated variant, written in Golang, includes an additional security measure to conceal the list of targets transmitted from the command-and-control server to the users.

Sekoia mentioned that DDoSia is attributed to a pro-Russian hacker group known as NoName(057)16. Initially launched in 2022 as a successor to the Bobik botnet, DDoSia is designed to conduct distributed denial-of-service attacks primarily targeting locations in Europe, Australia, Canada, and Japan.

Summer 2023 Attacks Target European Countries

Between May 8 and June 26, 2023, the countries most affected by DDoSia attacks were Lithuania, Ukraine, Poland, Italy, Czechia, Denmark, Latvia, France, the U.K., and Switzerland. A total of 486 different websites were affected.

DDoSia has been implemented in Python and Go, making it a cross-platform program capable of functioning on Windows, Linux, and macOS systems. SentinelOne, in an analysis published in January 2023, described DDoSia as a multi-threaded application that carries out denial-of-service attacks by repeatedly sending network requests based on instructions received from a configuration file obtained from a C2 server.

The distribution of DDoSia occurs through an automated process on Telegram, where individuals can register for the crowdsourced initiative by making a cryptocurrency payment and receiving a ZIP archive containing the attack toolkit.

The notable aspect of the new version is the use of encryption to obfuscate the list of targets to be attacked, suggesting that the operators actively maintain the tool.

Why Has Golang Become a Popular Tool Among Malware Developers?

Golang, or Go, has emerged as a popular choice for developing malware due to several reasons. First, Go offers a clean and concise syntax that is easy to understand and write, making it an attractive option for developers, including those with malicious intent. Its simplicity and efficiency enable rapid development and deployment of malware.

Additionally, Go provides built-in features that contribute to the stealth and resilience of malware. For instance, it offers strong support for concurrency, allowing malware to perform multiple tasks simultaneously, making it harder to detect and mitigate. Go also offers robust networking capabilities, which are essential for malware to communicate with command-and-control servers or carry out various malicious activities.

Another factor contributing to the popularity of Go in malware development is its ability to compile into standalone binaries. This means that malware written in Go does not require external dependencies or runtime environments, making it more portable and easier to distribute across different operating systems without compatibility issues.

July 4, 2023