Gorillabot

GorillaBot, a new variant of the infamous Mirai malware family, has caused significant disruptions with a sharp surge in Distributed Denial-of-Service (DDoS) attacks over the past month. From September 4 to September 27, the malicious software launched approximately 300,000 attacks impacting around 20,000 organizations globally, nearly 4,000 of which were based in the United States. According to researchers at NSFocus, GorillaBot supports multiple architectures including ARM, MIPS, x86_64, and x86, and is characterized by its unique signature message: "gorilla botnet is on the device ur not a cat go away." The GorillaBot malware utilizes five built-in command-and-control servers (C2s) to issue continuous attack commands throughout each day. Nearly a quarter of these attacks employed TCP ACK Bypass flood methods, designed to overload the target system with junk data. The online package and command parsing module reuse Mirai source code, indicating that while GorillaBot is a new variant, it shares some foundational elements with its predecessor. Despite its Mirai roots, GorillaBot comes equipped with an expanded arsenal of DDoS attack methods, totaling 19 different strategies. This includes various types of DDoS floods via UDP packets and TCP Syn and ACK packets. As a result, GorillaBot presents a considerably more potent threat than previous iterations, posing a significant challenge for cybersecurity professionals and organizations worldwide.