Minecraft servers targeted by cross-platform DDoS botnet


Microsoft says that the MCCrash botnet specifically targets private Minecraft servers. The majority of the victims have been reported in Russia.

The Minecraft-focused botnet is unusual, Microsoft researchers claim, because its unique design allows it to spread to Linux systems, even though the malware is downloaded from Windows devices.

Moreover, even if the malware is removed from an infected source, the botnet’s mechanism allows it to persist on unmanaged Internet of Things (IoT) devices in the network and resume operating as part of the botnet.


“The botnet spreads by enumerating default credentials on internet-exposed Secure Shell (SSH)-enabled devices. Because IoT devices are commonly enabled for remote configuration with potentially insecure settings, these devices could be at risk to attacks like this botnet,” reads Microsoft’s blog.
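
One way a defender could spot the default-credential SSH enumeration described above in sshd logs, as an added example that is not from Microsoft's report or the original article. The log lines, the watch list of default account names and the threshold are constructed assumptions:

```python
import re
from collections import defaultdict

# Constructed sshd log lines (OpenSSH syslog format); addresses are documentation ranges.
SAMPLE_LOG = """\
Dec 16 03:11:01 cam01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 16 03:11:03 cam01 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Dec 16 03:11:05 cam01 sshd[815]: Failed password for invalid user ubnt from 203.0.113.7 port 40124 ssh2
Dec 16 03:11:08 cam01 sshd[817]: Accepted password for pi from 203.0.113.7 port 40130 ssh2
Dec 16 09:30:12 cam01 sshd[902]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Dec 16 09:30:20 cam01 sshd[902]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
"""

# Assumed watch list of factory-default account names; adjust to your device fleet.
DEFAULT_ACCOUNTS = {"root", "admin", "pi", "ubnt", "user", "support"}

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_default_credential_sweeps(log_text, min_accounts=3):
    """Return {ip: {"accounts": [...], "logged_in_as": [...]}} for sources that
    tried at least min_accounts distinct default account names."""
    tried = defaultdict(set)       # ip -> default account names attempted
    accepted = defaultdict(list)   # ip -> default accounts that logged in
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        user, ip = m["user"], m["ip"]
        if user in DEFAULT_ACCOUNTS:
            tried[ip].add(user)
            if m["result"] == "Accepted":
                accepted[ip].append(user)
    return {
        ip: {"accounts": sorted(users), "logged_in_as": accepted[ip]}
        for ip, users in tried.items()
        if len(users) >= min_accounts
    }

if __name__ == "__main__":
    for ip, hit in find_default_credential_sweeps(SAMPLE_LOG).items():
        logins = ", ".join(hit["logged_in_as"]) or "none"
        print(f"{ip}: tried {hit['accounts']}, successful default logins: {logins}")
```

A source that sweeps several default accounts and then logs in as one of them marks a device that should be isolated and have its credentials changed, not just an address to block.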

The threat primarily affected devices in Russia. However, infections also spread to Italy, India, Ukraine, Indonesia, Kazakhstan, Mexico, and other countries.

The geographical distribution of affected systems may be linked to how the malware spreads. Microsoft claims that the initial infection point is a malicious cracking tool used to acquire an illegal Windows 10 license. Russia is among the world leaders in using software illegally.

“Our analysis of the DDoS botnet revealed functionalities specifically designed to target private Minecraft Java servers using crafted packets, most likely as a service sold on forums or darknet sites,” Microsoft researchers said.

Sometimes considered ‘unsophisticated,’ distributed denial-of-service attacks crept back onto the front pages of the news after Russia invaded Ukraine, kickstarting a cyber war alongside its kinetic war.

Ukrainian organizations, including the Ministry of Foreign Affairs, Ministry of Internal Affairs, Liveuamap, and other services designed to help people find information, kept experiencing DDoS attacks.

Recently, a global police operation took down 50 of the biggest DDoS booter services in the world. The services seized were the most popular DDoS booter services on the market, receiving top billing on search engines. One such service taken down had been used to carry out over 30 million attacks.
