Researchers at Ice Research have discovered a powerful new botnet called Gayfemboy, which exploits 0-day vulnerabilities in industrial routers to infect more than 15,000 devices worldwide and launch DDoS attacks.
The Gayfemboy botnet, based on the Mirai code, has demonstrated high resilience and advanced capabilities. Since the beginning of 2024, it has been actively used and has spread among industrial routers, video recorders and smart devices. The main affected devices are Four-Faith routers with the 0-day vulnerability (CVE-2024-12856), as well as ASUS, Kguard and Vimar devices. The botnet's attacks peaked in October and November 2024, generating up to 100 GB of traffic per second.
Mirai is a well-known botnet that has influenced the emergence of many new threats. However, Gayfemboy has become particularly dangerous due to the introduction of new encryption commands and mechanisms.
Its infrastructure spans China, the US, Iran, Russia and Turkey. Cybersecurity experts recommend installing the latest firmware updates, isolating critical systems from vulnerable devices, and using DDoS protection solutions. Gayfemboy’s story shows how quickly threats in cyberspace evolve.