Researchers discover a botnet, called JenX, linked to a hacking group that also hosts servers for Grand Theft Auto mods.
Call it Grand Theft Bot-o.
Researchers from security company Radware have discovered a new botnetdesigned to advantage of weak internet-of-things devices spread around the world. The botnet, which Radware calls JenX, uses the same techniques and codes as the Mirai botnet, a massive network of hacked devices thatin 2016.
Botnets are networks of devices hijacked by hackers, who can then use them to attack servers, send spam emails or mine for cryptocurrency. Often they’re used for distributed denial-of-service attacks, which flood servers with so much traffic that it forces them to go offline.
Radware’s researchers said JenX is linked to San Calvicie, a hacking group with a server located in Seychelles, a small island country off the coast of eastern Africa. But the hacking group does more than just DDoS attacks: It also hosts a Grand Theft Auto: San Andreas server.
The botnet’s host server traced back to San Calvicie’s website, which offers hosting for the Rockstar Games title, released in 2004. Players create mods for the 14-year-old game and host them online so others can join in. San Calvicie offers servers for hosting for GTA: San Andreas, as well as protection against DDoS attacks, for $16 a month.
At the same time, the group is also offering DDoS attacks on demand for $20, under the name “Corriente Divina,” or “Divine Stream.” The advertisement reads, “God’s wrath will be employed against the IP that you provide us.”
The group originally offered the volume of attacks at 100Gbps, but tripled it to 300Gbps after it started building the JenX botnet on Monday. Radware’s researchers said JenX is a lot stealthier than the Mirai botnet, and it’s hard to determine how many devices are hijacked unless you’re the target of the attack.
It does have the potential to reach hundreds of thousands of devices, Radware noted.
“A customer would use this service to attack competing servers that are hosted by other providers,” said Pascal Geenens, a security researcher at Radware.
The post also said the botnet could take down OVH, a.
JenX echoes Mirai in having a connection between online gaming servers and on-demand DDoS attacks. The hackers behind Mirai had a deep interest in Minecraft and originally created their botnet to attack competing servers hosting the game. A group of researchers from Google, Akamai, Cloudflare and several universities, meanwhile, have noted that part of the Mirai-driven internet outage stemmed from an attack on PlayStation network servers.
Take-Two Interactive, the parent company of Rockstar, did not immediately respond to a request for comment.