Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network.
Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. Researchers first discovered activity from the newest variant, which they call Gafgyt_tor, on Feb. 15.
In order to evade detection, Gafgyt_tor uses Tor to hide its command-and-control (C2) communications, and encrypts sensitive strings in the samples. The use of Tor by malware families is nothing new; however, researchers said they haven’t seen Gafgyt leveraging the anonymity network until now.