The Fbot botnet is a more recent variant of the infamous Mirai Botnet. Its operators usually ramp up their activity for a set period and then go quiet for several weeks, likely a tactic to avoid detection. The Fbot botnet is made up of IoT (Internet-of-Things) devices running Linux-based operating systems. The devices it targets tend to be smart gadgets and tools, routers, etc. In February 2019, malware researchers found that the Fbot botnet had managed to compromise and hijack more than 25,000 DVR/NVR devices around the globe.
Used For DDoS Attacks
Many botnet operators opt to plant cryptocurrency miners on hijacked devices, which then mine cryptocurrency using the host's computing power without the owner's knowledge. However, another very common and more old-school technique used by botnets is to launch DDoS (Distributed-Denial-of-Service) attacks. The DDoS modules in Fbot are ones that the attackers have borrowed from the notorious Mirai Botnet. So far, the operators of the Fbot botnet have not utilized it in any large-scale DDoS attacks. To compromise the targeted IoT devices, the operators look for known exploits that would allow them to hijack the systems. This is done by scanning the Web in search of systems whose firmware has not been updated.
It is likely that the operators of the Fbot botnet have automated this process, which means that the threat propagates far faster than it would if the compromise were carried out manually. Devices hijacked by the Fbot botnet are not likely to display any strange behavior, so most users whose devices have been compromised are likely never to realize what has happened. However, users who monitor their data usage are likely to spot the activity of the Fbot botnet, as their device will be using far more bandwidth if it is employed in a DDoS attack.
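The bandwidth signal described above can be checked automatically instead of by eye. The following is an added example, not part of the original article: it assumes per-device outbound volume can be exported at fixed intervals, and the device names, sample values and thresholds are constructed for illustration.

```python
from statistics import median

# Constructed sample data: outbound kilobytes per 5-minute interval, as a
# router or flow collector might export them. Device names are hypothetical.
SAMPLES = {
    "dvr-livingroom": [48, 52, 50, 47, 55, 51, 49, 53, 50, 46, 54, 52,
                       51, 49, 400, 50, 52,            # one short blip at index 14
                       9100, 9500, 9300, 9800, 9200,   # sustained flood, 17..21
                       53, 50],
    "router-lan": [900, 950, 1020, 880, 990, 1010, 940, 970, 1000, 930,
                   960, 980, 1500, 990, 1700, 940, 1010, 960],
}

def robust_baseline(values):
    """Median and median absolute deviation; outliers barely move either."""
    med = median(values)
    return med, median(abs(v - med) for v in values)

def find_sustained_spikes(series, warmup=12, k=6.0, min_ratio=3.0,
                          min_run=3, floor=100):
    """Return (first, last) index pairs of runs of at least min_run intervals
    whose outbound volume is far above the device's own rolling baseline."""
    history = list(series[:warmup])        # learning window, assumed clean
    runs, start = [], None
    for i in range(warmup, len(series)):
        med, mad = robust_baseline(history)
        threshold = max(med + k * 1.4826 * mad, med * min_ratio, floor)
        if series[i] > threshold:
            if start is None:
                start = i                  # a candidate run begins here
            continue                       # never learn from suspect samples
        if start is not None and i - start >= min_run:
            runs.append((start, i - 1))
        start = None
        history = (history + [series[i]])[-warmup:]
    if start is not None and len(series) - start >= min_run:
        runs.append((start, len(series) - 1))   # run still open at the end
    return runs

def scan(samples):
    """Map each device name to its list of sustained outbound spikes."""
    return {name: find_sustained_spikes(s) for name, s in samples.items()}

if __name__ == "__main__":
    for device, runs in scan(SAMPLES).items():
        print(device, runs or "no sustained spike")
```

Each device is compared only against its own history, so a busy router is not flagged for normal variation while a normally quiet DVR that sustains a large outbound volume is.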
Cybersecurity researchers are keeping a close eye on the activity of the Fbot botnet and have noticed some interesting behavior. It would appear that the operators of the Fbot botnet may have been experiencing some difficulties since the start of 2020, as their C&C (Command & Control) infrastructure seems to have several issues. However, this has not stopped the creators of the Fbot botnet, as they are still looking for more vulnerable IoT devices to expand their reach. If you have IoT devices, make sure you update their firmware regularly to avoid falling victim to the Fbot botnet or a similar threat.