
Gwmndy Botnet

Posted: August 6, 2019

The Gwmndy Botnet is a network of Trojans that hijack routers (currently limited to Fiberhome brand models) and turn them into proxies for purposes that remain unknown. Such attacks could facilitate the theft of data, the installation or persistence of other threats such as banking Trojans, or damage to your Internet connectivity through changed router settings. Users should protect themselves with appropriate security practices and with anti-malware services that have router-defending capabilities, so that a Gwmndy Botnet Trojan is removed on sight.

Just a Small Island Botnet

Trojans specializing in proxy services are rarities, since it is easier to set up Tor-based equivalents or to build the appropriate traffic-forwarding features into threats that define themselves by their other attacks, such as a RAT. 2019 is nonetheless providing examples of threat actors experimenting with this niche software in various campaigns, including the banking Trojan-enabling SystemBC and the Gwmndy Botnet. Malware experts label the Gwmndy Botnet as doubly unusual, because it also has one of the smallest 'zombie networks' to date.

The majority of botnets, which recruit infected devices and computers en masse into coordinated networks, depend on raw numbers and opportunistic distribution to achieve goals such as DDoS flooding that crashes a banking company's servers. The Gwmndy Botnet is setting itself up with much smaller, but more mysterious, goals: its threat actor is ceasing the distribution, but not the operation, of the Trojan's botnet at around two hundred compromised devices. Unlike the Wauchos Botnet, the AESDDoS Botnet, and others, the Gwmndy Botnet shows no interest in mining cryptocurrency, DDoSing, or launching other attacks typical of a botnet.

Another notable characteristic is the geographic spread of the Gwmndy Botnet's Trojans, as far as malware experts can currently confirm. All attacks so far hijack Fiberhome routers in the Philippines and Thailand, even though the brand is equally widespread in other Asian countries, such as China. The method the Gwmndy Botnet uses to circulate its Trojans, like its overall goals, remains open to additional investigation.

Making Your Router a Trojan-Free Zone

While the Gwmndy Botnet doesn't target or attack users directly, the hijacking of networking hardware for illicit activities is always a high-priority security risk. Malware experts recommend several well-established practices to Fiberhome AN5506 router owners for preventing infections:

  • Updating your router's firmware (and most other software) reduces the number of vulnerabilities that attackers could abuse to execute code and install threats like a botnet Trojan.
  • Using login combinations that aren't susceptible to brute-forcing prevents attackers from compromising your PC and devices remotely. In most cases, brute-forcing succeeds only against factory-default or short, 'guessable' passwords and login names.

Users can also protect themselves with general security habits like disabling JavaScript and Flash, being careful around unexpected e-mail attachments, and avoiding illegal downloads such as copyright-protected movies. Most anti-malware programs should block various attacks related to this threat or, where appropriate, remove a Gwmndy Botnet Trojan.

Too few Web surfers pay any attention to the settings of the device through which they reach the Web in the first place. At least one criminal is taking advantage of that laxness for purposes that are unknown, but unlikely to be anything positive for the world at large.
