[German]Security researchers have recently encountered a family of botnets called Gafgyt that targets D-Link, Citrix and IoT devices. It is the first malware family to attack vulnerabilities in devices via the Tor network.
Advertising
I became aware of the issue the days via the following tweet, which is explained in more detail in this article.
Gafgyt is a botnet that was uncovered in 2014. It is notorious for launching large-scale distributed denial-of-service (DDoS) attacks. Security researchers now discovered the activities of the latest variant, which they call Gafgyt_tor, for the first time on February 15, 2015.
To evade detection, Gafgyt_tor uses the Tor anonymization network to hide its command-and-control (C2) communications and encrypts sensitive strings in messages. The use of Tor by malware families is nothing new, but researchers said they have not seen Gafgyt exploit the anonymity network before. More details can be found in this article.
