Recent research has unveiled details of what is being referred to as the largest botnet discovered in the past six years, known as “Pink.” This sophisticated malware has reportedly infected over 1.6 million devices, predominantly located in China. Its primary objectives include orchestrating Distributed Denial-of-Service (DDoS) attacks and injecting ads into websites accessed by unwary users.
According to cybersecurity researchers at Qihoo 360’s Netlab, the name “Pink” comes from a sample obtained on November 21, 2019, in which numerous function names carry the prefix “pink.” The prefix recurs throughout the sample’s code.
The botnet predominantly targets MIPS-based fiber routers, employing a mix of third-party services like GitHub and peer-to-peer (P2P) networks to facilitate communication between its bots and command-and-control (C2) servers. Notably, it encrypts its transmission channels to thwart efforts to regain control of the compromised devices.
In a recent study, the researchers noted that the botmaster has engaged in a continuous game of cat and mouse with the hardware vendors attempting to clean up the infections. Whenever vendors pushed security patches, the botmaster responded promptly, rolling out multiple firmware updates of its own to retain control over the infected routers. This back-and-forth was documented through the joint efforts of an unnamed vendor and China’s Computer Network Emergency Response Technical Team (CNCERT/CC).
In a noteworthy development, the Pink botnet has also integrated DNS-over-HTTPS (DoH) within its operational framework. This protocol enables remote Domain Name System resolution via HTTPS, allowing it to connect to its configured controller sourced from either GitHub, Baidu Tieba, or hard-coded domain names found within its samples.
To date, the Pink botnet has carried out nearly 100 DDoS attacks, illustrating how such botnets serve as formidable tools for malicious actors seeking to launch a wide array of attacks. The researchers highlighted that Internet of Things devices have increasingly become primary targets for cybercriminal organizations and even advanced persistent threat (APT) groups. While Pink currently stands as the largest botnet ever detected, experts emphasize that it will likely not be the last, pointing to an ongoing trend in the cyber threat landscape.