The newly discovered Zergeca botnet, identified by the XLab CTIA system on May 20, 2024, stands out for the breadth of its functionality. Unlike a typical DDoS botnet, Zergeca, written in Golang, is not limited to flooding attacks: it also supports proxying, scanning, and reverse shell capabilities, reflecting its expansive and aggressive nature.
Initial analysis revealed Zergeca's use of modified UPX packers and uploads from multiple countries, which raised suspicion and prompted further investigation. The botnet's network communication is also unusual: it resolves its C2 through DNS over HTTPS (DoH) and uses the rarely seen Smux stream-multiplexing library for its encrypted C2 channel.
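A modified UPX packer is worth a concrete triage check, because stock UPX leaves recognisable markers (the `UPX!` magic in its `l_info` header and the `UPX0`/`UPX1` section names) while a tampered packer typically strips or alters them so that `upx -d` fails even though the payload stays high-entropy. The script below is an added example written for this page, not code from the XLab report or from Zergeca itself; the thresholds, the fake ELF images and the `classify` verdict labels are constructed assumptions, not indicators taken from the report.

```python
"""Triage helper for possibly UPX-packed ELF samples (added example, assumptions labelled)."""
import math
import random

ELF_MAGIC = b"\x7fELF"
UPX_MAGIC = b"UPX!"                 # stock l_info header magic
UPX_SECTIONS = (b"UPX0", b"UPX1")   # stock section names
HIGH_ENTROPY = 7.2                  # bits/byte; assumed threshold for compressed or encrypted data


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, close to 8.0 for uniform random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(blob: bytes) -> dict:
    """Return packing indicators and a heuristic verdict for one file image."""
    is_elf = blob.startswith(ELF_MAGIC)
    has_magic = UPX_MAGIC in blob
    has_sections = any(s in blob for s in UPX_SECTIONS)
    entropy = round(shannon_entropy(blob), 2)
    if has_magic and has_sections:
        verdict = "upx-stock"        # markers intact; `upx -d` should work
    elif has_sections and not has_magic:
        verdict = "upx-modified"     # section names survive but the magic was stripped or altered
    elif entropy >= HIGH_ENTROPY:
        verdict = "packed-unknown"   # no UPX traces but a dense body: custom packer or encryption
    else:
        verdict = "unpacked"
    return {"elf": is_elf, "upx_magic": has_magic, "upx_sections": has_sections,
            "entropy": entropy, "verdict": verdict}


def _fake_elf(body: bytes, *, magic: bool, sections: bool) -> bytes:
    """Build a constructed test image: ELF magic, optional UPX markers, then a dense body."""
    image = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9
    if sections:
        image += b"UPX0\x00UPX1\x00"
    if magic:
        image += UPX_MAGIC + b"\x0d\x0e\x0f\x10"
    return image + body


# Constructed samples: a seeded PRNG stands in for a compressed payload.
_rng = random.Random(2024)
DENSE = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_STOCK = _fake_elf(DENSE, magic=True, sections=True)
SAMPLE_MODIFIED = _fake_elf(DENSE, magic=False, sections=True)
SAMPLE_PLAIN = ELF_MAGIC + b"\x00" * 2048 + b"/lib64/ld-linux-x86-64.so.2\x00" * 40

if __name__ == "__main__":
    for name, blob in (("stock", SAMPLE_STOCK), ("modified", SAMPLE_MODIFIED), ("plain", SAMPLE_PLAIN)):
        print(name, classify(blob))
```

Run it against real samples by reading each file into `classify`; a `upx-modified` or `packed-unknown` verdict means the sample needs manual or emulated unpacking rather than `upx -d`, and a packer that also renames the sections will land in `packed-unknown` on entropy alone.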
Zergeca’s design includes persistence through a system service and a focus on Linux platforms, although it hints at potential future cross-platform support. The botnet’s advanced capabilities and persistence mechanisms, combined with its aggressive scanning and attack methods, present a significant cybersecurity challenge.
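Persistence through a system service is something a defender can hunt for directly. The script below is an added example, not code from the XLab report or from the botnet, and it does not encode Zergeca's actual unit name or binary path (the page does not give them): it scores systemd `.service` units on generic signals such as an `ExecStart` binary launched from a writable or user-owned location, a hidden path component, a vague description and `Restart=always`. The suspect directories, scoring and the two sample unit files are constructed assumptions.

```python
"""Hunting check for suspicious persistence via systemd service units (added example)."""
import re

SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")   # assumed list
HIDDEN_PART = re.compile(r"/\.[^/]+")                                   # dot-prefixed path component
GENERIC_DESC = re.compile(r"^(service|daemon|system|update)?\s*$", re.I)


def parse_unit(text: str) -> dict:
    """Minimal systemd unit parser returning {section: {key: [values...]}} (keys may repeat)."""
    unit, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            unit.setdefault(section, {})
            continue
        if section is None or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        unit[section].setdefault(key, []).append(value)
    return unit


def exec_binary(exec_start: str) -> str:
    """First token of ExecStart without systemd's prefix characters (-, @, :, +, !)."""
    tokens = exec_start.split()
    return tokens[0].lstrip("-@:+!") if tokens else ""


def score_unit(text: str) -> dict:
    """Return the findings and a numeric score (number of findings) for one unit file."""
    unit = parse_unit(text)
    service = unit.get("Service", {})
    findings = []
    for cmd in service.get("ExecStart", []):
        binary = exec_binary(cmd)
        if binary.startswith(SUSPECT_DIRS):
            findings.append(f"ExecStart binary in writable/user path: {binary}")
        if HIDDEN_PART.search(binary):
            findings.append(f"ExecStart binary under hidden directory: {binary}")
    desc = unit.get("Unit", {}).get("Description", [""])[0]
    if GENERIC_DESC.match(desc):
        findings.append(f"vague or empty Description: {desc!r}")
    if "always" in service.get("Restart", []) and findings:
        findings.append("Restart=always combined with the signals above")
    return {"score": len(findings), "findings": findings}


def triage(unit_texts: dict) -> list:
    """Rank {name: unit_text} by score, highest first, dropping units with no findings."""
    ranked = [(name, score_unit(text)) for name, text in unit_texts.items()]
    return sorted(((n, r) for n, r in ranked if r["score"]), key=lambda item: -item[1]["score"])


# Constructed sample units: one ordinary sshd unit and one suspicious unit.
SAMPLE_BENIGN = """[Unit]
Description=OpenBSD Secure Shell server
After=network.target

[Service]
ExecStart=/usr/sbin/sshd -D
Restart=on-failure

[Install]
WantedBy=multi-user.target
"""

SAMPLE_SUSPECT = """[Unit]
Description=service

[Service]
ExecStart=/root/.cache/.x/agent
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
"""

if __name__ == "__main__":
    import pathlib
    import sys
    texts = {"sshd.service": SAMPLE_BENIGN, "x.service": SAMPLE_SUSPECT}
    if len(sys.argv) > 1:  # optionally point at a real unit directory, e.g. /etc/systemd/system
        texts = {p.name: p.read_text(errors="replace") for p in pathlib.Path(sys.argv[1]).glob("*.service")}
    for name, result in triage(texts):
        print(name, result["score"], *result["findings"], sep="\n  ")
```

The check only covers the directory it is pointed at, so run it over each location systemd loads from (`/etc/systemd/system`, `/run/systemd/system`, `/lib/systemd/system` and per-user unit directories), and treat a clean path as no more than a first filter, since a legitimate-looking `ExecStart` can still point at a replaced binary; verifying the binary against package or hash baselines closes that gap.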
Cybersecurity experts need to remain vigilant as Zergeca continues to evolve. The botnet’s multifaceted features, including DDoS attacks and device monitoring, underscore the growing complexity of cyber threats and the need for proactive defenses.