DDG Botnet

By GoldSparrow in Botnets

The DDG Botnet is a rather recent operation. Malware researchers first came across the DDG Botnet at the start of 2018. The majority of botnets are used for launching DDoS (Distributed Denial-of-Service) attacks against targeted users or organizations. However, the main purpose of the DDG Botnet is different. The goal of the DDG Botnet is to plant cryptocurrency miners on the compromised systems and use their computing power to generate cash. The DDG Botnet is designed to mine the Monero cryptocurrency. To compromise a device, the DDG Botnet scans the Internet for accessible SSH services. Next, the DDG Botnet brute-forces the login using a list that consists of 17,907 passwords and the username "root".
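The brute-force pattern described above (many password guesses against the root account over SSH) leaves a recognizable trail in sshd authentication logs. The following is an added detection example, not code from the original article or from any DDG analysis; the log lines are constructed in the common OpenSSH format, and the threshold of 5 failures is an assumed value to tune per environment.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation IP ranges), not real data.
SAMPLE_LOG = "\n".join(
    [f"Mar  3 10:00:{s:02d} host sshd[1001]: Failed password for root "
     f"from 203.0.113.7 port {40000 + s} ssh2" for s in range(6)]
    + [
        "Mar  3 10:00:07 host sshd[1001]: Accepted password for root from 203.0.113.7 port 40007 ssh2",
        "Mar  3 10:01:00 host sshd[1002]: Failed password for root from 198.51.100.9 port 51000 ssh2",
        "Mar  3 10:01:05 host sshd[1002]: Failed password for invalid user admin from 198.51.100.9 port 51001 ssh2",
        "Mar  3 10:02:00 host sshd[1003]: Accepted publickey for deploy from 192.0.2.10 port 52000 ssh2",
    ]
)

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted password for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def analyze(log_text, threshold=5):
    """Report sources with >= threshold failed root password logins.

    'root_login_after' is True when the same source later logged in as root
    with a password, which suggests the guessing succeeded.
    """
    failures = defaultdict(int)
    success_after = set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            if m.group("user") == "root":
                failures[m.group("ip")] += 1
            continue
        m = ACCEPTED.search(line)
        if m and m.group("user") == "root" and failures.get(m.group("ip"), 0) >= threshold:
            success_after.add(m.group("ip"))
    return {ip: {"failures": n, "root_login_after": ip in success_after}
            for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info)
```

A source flagged with `root_login_after` set to True deserves immediate investigation; disabling password-based root login in sshd (`PermitRootLogin no` or `prohibit-password`) removes this entry point altogether.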

The DDG Botnet is not very feature-rich, as its only purpose is mining cryptocurrency. However, the DDG Botnet has one intriguing capability. If the connection with the attackers' C&C (Command & Control) server fails, this botnet can fall back on peer-to-peer communication. This allows the DDG Botnet to keep operating even if the attackers' servers get taken down or malfunction. So far, there are about 20,000 systems that are part of the DDG Botnet. The peak of the DDG Botnet's activity was over one year ago, in February 2019. Despite this, the operators of the DDG Botnet are still active and continue to release regular updates. Among the latest updates was the aforementioned peer-to-peer communication that ensures the DDG Botnet is always operational.

The newest update allows every device that is part of the DDG Botnet to connect to and communicate with up to 200 botnet nodes, from which the system can receive commands. The compromised systems that are part of the botnet can:

  • Share configuration files.
  • Share instructions.
  • Share new payloads.

For example, if one of the compromised systems needs to obtain the newest update, it will connect to another infected device and request the update files from it. If the latter does not have the update, the first device will continue contacting other infected devices until it receives the update from one of them.

The DDG Botnet has a lot of potential to grow, and this newest update definitely gives it an edge over competing botnets. If you want to keep your computer protected from threats, you should consider investing in a genuine anti-virus application.
