
Mirai Variant "Gayfemboy" Infecting 15K+ Devices Daily – Mitigation Ideas?

7•garduno_AA•9h ago
Hey HN,

I’m a pentester and recently came across a new Mirai-based botnet called Gayfemboy (yes, the name sounds like a meme, but the threat is real). It’s currently infecting over 15,000 devices daily, mostly targeting routers and network gear from Cisco, TP-Link, DrayTek, and Raisecom.

What it does:

Launches DDoS attacks (UDP, TCP, ICMP)
Mines Monero using XMRig
Acts as a proxy for malicious traffic
Installs backdoors and evades analysis (e.g., UPX header tampering, nanosecond delays)

Vulnerabilities exploited (At this moment):

CVE-2025-20281 (Cisco ISE)
CVE-2023-1389 (TP-Link AX21)
CVE-2020-8515 (DrayTek)
CVE-2024-7120 (Raisecom MSG)

Mitigation ideas I’m testing:

Scanning client networks for vulnerable firmware
Blocking known malicious domains and IPs at the firewall level
Writing scripts to detect outbound traffic to those IOCs
Recommending disabling remote admin access on routers

I’d love to hear what others are doing to detect or contain this botnet. Has anyone seen it in enterprise environments? Any creative or effective mitigation strategies you’d recommend?
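As an added example (not from the original post or from anyone in the thread), here is one way to implement the "detect outbound traffic to those IOCs" idea: a pass over firewall and DNS resolver logs that matches destination IPs against an IOC list (exact addresses and CIDR ranges) and matches queried names against IOC domains including their subdomains, then groups hits per internal source host. The log format (syslog-style `key=value` fields), the IOC values and the log lines are all constructed placeholders; the page lists no real indicators, so none appear here.

```python
"""Flag outbound connections and DNS lookups that match a botnet IOC list.

Added example, not code from the HN post. Every IOC value and log line is a
constructed placeholder; feed in your own trusted indicator list and logs.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed IOC list (placeholders, not real indicators): exact IPs as /32,
# CIDR ranges, and domains that should also match any subdomain.
IOC_NETWORKS = [ipaddress.ip_network(n) for n in ("198.51.100.7/32", "203.0.113.0/24")]
IOC_DOMAINS = {"c2.example-bad.test", "pool.example-miner.test"}

# Constructed log lines in an assumed syslog-like key=value format:
# "<timestamp> <host> <free text and key=value fields>".
SAMPLE_LOGS = """\
2025-09-10T12:00:01Z fw01 action=allow proto=tcp src=10.0.0.12 dst=198.51.100.7 dport=443
2025-09-10T12:00:02Z fw01 action=allow proto=tcp src=10.0.0.12 dst=93.184.216.34 dport=443
2025-09-10T12:00:03Z fw01 action=allow proto=udp src=10.0.0.45 dst=203.0.113.88 dport=3333
2025-09-10T12:00:04Z dns01 query src=10.0.0.45 qname=update.c2.example-bad.test qtype=A
2025-09-10T12:00:05Z dns01 query src=10.0.0.9 qname=www.example.test qtype=A
2025-09-10T12:00:06Z fw01 action=deny proto=tcp src=10.0.0.45 dst=198.51.100.7 dport=23
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into (timestamp, host, {key: value}); None if malformed."""
    parts = line.split(maxsplit=2)
    if len(parts) < 3:
        return None
    ts, host, rest = parts
    return ts, host, dict(KV_RE.findall(rest))


def ip_is_ioc(addr):
    """True if addr falls inside any IOC network; unparsable strings never match."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in IOC_NETWORKS)


def domain_is_ioc(name):
    """True for an IOC domain or any subdomain of it (case- and trailing-dot-insensitive)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in IOC_DOMAINS)


def find_ioc_hits(log_text):
    """Return (src, kind, indicator, timestamp, action) for every line touching an IOC.

    A denied connection is still reported: the firewall block worked, but the
    source host tried to reach the indicator and is worth investigating.
    """
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, _host, fields = parsed
        src = fields.get("src", "?")
        if "dst" in fields and ip_is_ioc(fields["dst"]):
            hits.append((src, "ip", fields["dst"], ts, fields.get("action", "")))
        if "qname" in fields and domain_is_ioc(fields["qname"]):
            hits.append((src, "dns", fields["qname"], ts, "query"))
    return hits


def summarize_by_source(hits):
    """Group distinct indicators per internal source; a host hitting several stands out."""
    per_src = defaultdict(set)
    for src, kind, indicator, _ts, _action in hits:
        per_src[src].add(f"{kind}:{indicator}")
    return {src: sorted(inds) for src, inds in per_src.items()}


if __name__ == "__main__":
    found = find_ioc_hits(SAMPLE_LOGS)
    for src, kind, indicator, ts, action in found:
        print(f"{ts} {src} -> {kind} {indicator} ({action})")
    for src, inds in summarize_by_source(found).items():
        print(f"{src}: {len(inds)} distinct IOC(s): {', '.join(inds)}")
```

Two design points worth keeping when adapting this to real logs: match destinations with `ipaddress` so CIDR-sized indicators work without expanding them, and keep denied connections in the output, since a blocked beacon attempt is exactly the signal that a device on the client network is already compromised.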

Comments

svgmaker•9h ago
This is such a joke... anyway what does this "malware" do?
galaxy_gas•9h ago
It's an IoT DDoS/proxy botnet.

I don't know why it's trying to mine crypto on a weak ARM router, no way that gets far

garduno_AA•9h ago
Haha yeah, the name’s ridiculous — but the malware’s real.

It’s a Mirai variant that infects routers (Cisco, TP-Link, etc.), does DDoS, mines crypto, proxies traffic, and drops backdoors. Spreads via known and zero-day vulns.