Gwmndy Botnet Description
Many cybercriminals opt to create botnets because they can be used in many different ways. For example, a network of hijacked computers can be used to launch DDoS (Distributed Denial-of-Service) attacks. Another use is cryptocurrency mining, where the operators of the botnet employ unsuspecting users' computers to mine cryptocurrency for them, which can be very profitable. With more and more devices becoming 'smart' and gaining the option to connect to the Internet, cyber crooks have found a new niche to attack. This gave rise to IoT (Internet-of-Things) botnets. One such example is the Gwmndy Botnet.
Only 200 New Infected Devices Daily
The operators of the Gwmndy Botnet have chosen to keep a low profile by infecting only about 200 IoT devices a day. This is likely done so that malware researchers have a harder time spotting the activity of the Gwmndy Botnet. Another explanation may be that the creators of the Gwmndy Botnet do not need a very large botnet for whatever campaigns they are preparing to launch.
Targets East Asia
It would seem that most of the compromised devices are located in East Asia, namely the Philippines and Thailand. The Gwmndy Botnet appears to consist only of routers produced by the company Fiberhome. Perhaps the motive for this is that the operators of the Gwmndy Botnet have discovered a vulnerability in the configuration of this device and are taking full advantage of it. However, some speculate that the explanation may be simpler: perhaps the users that got infected did not change the default username and password on their devices, and the attackers simply logged in.
Works as a Proxy Server
The creators of the Gwmndy Botnet have opted to configure the routers to work as a proxy server that the attacker can use silently. Recently, there was another instance where attackers did just that: the SystemBC malware. The exact purpose of the compromised routers is not yet clear. While the attacker may opt to use them as network infrastructure for their own malware, they may also opt to rent them out to other cybercriminals.
Many IoT devices are not well configured when it comes to cybersecurity, and an increasing number of cybercriminals are taking advantage of this.