Simps Botnet Borrows Features from Mirai and Gafgyt Malware
Botnet projects have been on the rise ever since Mirai Botnet's source code was published online. This allowed cybercriminals to create dozens of spin-offs, many of which had fairly 'successful' campaigns. Typically, botnets are used for one of these purposes – mining cryptocurrency, sending out spam, ad fraud, or engaging in distributed-denial-of-service (DDoS) activities. The botnet we are discussing today belongs to the latter category.
The Simps Botnet's creators have opted to use code and libraries from two of the most popular botnet projects in recent years – Mirai and Gafgyt. It is entirely dedicated to executing DDoS attacks, and it is likely that its operators are renting it out to other hackers. Surprisingly, Simps Botnet's authors are very bold when it comes to promoting the project – they have set up a Discord server dedicated to communicating with potential customers, and they have uploaded several YouTube videos demonstrating the Simps Botnet.
The data published on YouTube and Discord shows that the Simps Botnet is fairly new – the first discussions about it date back to April 2021. The Simps Botnet payloads are built for devices using the ARM architecture, and the primary targets of the botnet appear to be routers and home smart devices. The criminals compromise these devices through one of two infection vectors:
- Gaining access by using the default login credentials or weak passwords (e.g., 123456).
- Exploiting vulnerable devices running outdated firmware riddled with bugs.
Users whose devices have been compromised by the Simps Botnet may not notice anything out of the ordinary since this implant does not try to affect the device's performance or stability. The only downside they may notice is that their network bandwidth will occasionally spike when the botnet is carrying out a DDoS attack.
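Because the article notes that a bandwidth spike during a DDoS run is the only visible symptom on an infected device, a network-side check for that symptom is the practical detection a home or small-office defender can run. The script below is an added example, not code from the article or from any vendor: it reads constructed per-flow records in a hypothetical "epoch source_ip bytes_out" format (as exported by a router or a NetFlow/IPFIX collector, after whatever conversion is needed), aggregates outbound bytes per device per minute, and flags minutes that are far above that device's own median. The ratio, minimum-bytes floor and minimum number of observed minutes are assumed tuning values.

```python
"""Added example (not from the article): flag IoT devices whose outbound
traffic jumps far above their own baseline, the symptom the article says a
Simps-compromised device shows while it takes part in a DDoS attack."""
from collections import defaultdict
from statistics import median

# Constructed sample flows in a hypothetical "epoch src_ip bytes_out" format.
# 192.168.1.20 is a low-traffic smart device that suddenly floods out at the end,
# 192.168.1.30 is a busy laptop with a consistently high but steady baseline,
# 192.168.1.40 has too few observations to judge.
SAMPLE_FLOWS = """\
# epoch      src_ip        bytes_out
1620000000 192.168.1.20 1200
1620000010 192.168.1.20 300
1620000060 192.168.1.20 1500
1620000120 192.168.1.20 1100
1620000180 192.168.1.20 1800
1620000240 192.168.1.20 1300
1620000300 192.168.1.20 1600
1620000360 192.168.1.20 1400
1620000420 192.168.1.20 2000
1620000480 192.168.1.20 1700
1620000540 192.168.1.20 1500
1620000600 192.168.1.20 9000000
1620000660 192.168.1.20 9500000
1620000000 192.168.1.30 4500000
1620000060 192.168.1.30 5200000
1620000120 192.168.1.30 4800000
1620000180 192.168.1.30 6100000
1620000240 192.168.1.30 5000000
1620000300 192.168.1.30 4700000
1620000000 192.168.1.40 500
1620000060 192.168.1.40 700
"""


def parse_flows(text):
    """Parse 'epoch src_ip bytes_out' lines into (epoch, ip, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        epoch, ip, nbytes = line.split()
        flows.append((int(epoch), ip, int(nbytes)))
    return flows


def bucket_by_minute(flows):
    """Sum outbound bytes per device per 60-second bucket (keyed by bucket start)."""
    buckets = defaultdict(lambda: defaultdict(int))
    for epoch, ip, nbytes in flows:
        buckets[ip][epoch - epoch % 60] += nbytes
    return buckets


def find_spikes(flows, ratio=20.0, min_bytes=1_000_000, min_buckets=5):
    """Return {ip: [bucket_start, ...]} for minutes where a device's outbound
    bytes exceed max(ratio * its own median minute, min_bytes).

    Using each device's own median means a steady high-volume host (a laptop
    doing backups) is not flagged, while a smart plug that normally sends a few
    KB per minute is flagged as soon as it starts flooding. min_bytes stops
    tiny devices from alerting on small absolute changes, and min_buckets skips
    devices with too little history to have a baseline. All three are assumed
    tuning values, not figures from the article.
    """
    alerts = {}
    for ip, per_minute in bucket_by_minute(flows).items():
        if len(per_minute) < min_buckets:
            continue
        baseline = median(per_minute.values())
        threshold = max(baseline * ratio, min_bytes)
        spikes = sorted(start for start, total in per_minute.items() if total > threshold)
        if spikes:
            alerts[ip] = spikes
    return alerts


if __name__ == "__main__":
    for ip, minutes in find_spikes(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{ip}: outbound spike in {len(minutes)} minute(s) starting at {minutes[0]}")
```

On the constructed data only 192.168.1.20 is reported, for the last two minutes; the laptop's steady multi-megabyte traffic and the two-record device are not. An alert like this is a prompt to check the device's credentials and firmware version, which are the two infection vectors the article describes.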
To protect their devices from the Simps Botnet and similar threats, users should secure all Internet-connected devices with a strong, non-default password. Furthermore, they should never postpone firmware updates, since outdated firmware exposes them to remote attacks through newly disclosed vulnerabilities. Protecting your Internet-of-things (IoT) devices can be easy with guides like 5 Security Tips That Will Help You Protect Your IoT Devices.