BestBuy Hackers Are Offering Mirai Botnet To Fellow Hackers As a Paid DDoS Service

All are introduced with Mirai Botnet. This botnet is becoming cancer for IoT devices. Hackers have performed major DDoS attack by using this Mirai Botnet. Hackers can easily compromise poorly configured IoT (internet of things) devices with the help of Mirai Botnet. DDoS attack on DynDNS service was the result of compromised IoT devices. Moreover, the largest DDoS attack till the date was performed by hackers on French web hosting company OVH by compromising more than 400000 IoT devices. It was possible only with Mirai Botnet. Servers of OVH were getting traffic of 1Tbps. The DDoS attack on security journalist Brian Krebs website is at number two for getting highest traffic packets.

Hackers are using this botnet to perform DDoS attacks against high-profile websites. A spokesperson of security firm Bleeping Computer said that in the black market, hackers are offering Mirai Botnet with 400000 compromised IoT devices to their fellow hackers as a paid DDoS service. The hackers with monikers Popopret and Best Buy are offering this Mirai botnet. Some security experts are saying that “Popopret and Best Buy” are the same hackers. It is the largest botnet ever, which has been offered by hackers for rent

Popapret and BestBuy Hackers

It is not the first time when these hackers are selling anything in the black market. Do you remember GovRAT malware? BestBuy hackers are the authors of this GovRAT malware which was targeting government organizations of United States. Later, BestBuy was selling this malware in the black market with its source code for 4.5 bitcoins. A digital code-signing certificate was also included in this deal.

On the other hand, Popopret meet BestBuy when they were selling GovRAT malware. According to security researchers of InfoArmor, BestBuy also started using the same moniker Popopret. That’s why it is not clear that the hackers who are offering Mirai Botnet are same or not. Hackers were spreading GovRAT malware through advanced spear-phishing attacks. Military and Govt. organizations of United States were the victims of GovRAT attacks. Hackers were stealing sensitive information from government agencies and were selling it on the black market.

Mirai Botnet DDoS Deal

BestBuy and Popopret are saying that they have added some new features in actual Mirai Botnet. This botnet is capable of performing brute force attacks on SSH protected forms and exploiting zero-day vulnerabilities. It is a costly deal and hackers are asking tenants to hire this botnet for the minimum time period of two weeks. If anyone wants to hire more bots, he has to pay more money. Cost also depends on attack duration. If tenants will use it for a long time, the more money they have to pay. BestBuy and Popopret are also giving a discount on long cool down time. The cool down time is the time between two back to back DDoS attacks.

BestBuy also released an example of their charging plans:

Time Period 2 Weeks Number of Botnets = 50000 Attack Duration= 1 Hour (3600 Seconds) Cool down Time= 5-10 Minutes Total Cost= $3000- $4000

It seems like, BestBuy and Popopret want to test their modified Mirai Botnet by giving it to others. This botnet has been controlled by hackers through a console, which is hidden on a Tor Network. This hidden console could only be accessed through Telnet.

Similar Articles: