Fodcha DDoS Botnet Resurfaces with Massive New Capabilities

Fodcha, a distributed denial-of-service (DDoS) botnet, is back with a new version that embeds ransom demands in its attack packets and adds other protections against analysis.

First uncovered by researchers at 360Netlab in April 2022, it has since undergone covert development, silently receiving upgrades and growing in sophistication and danger.

A recent report, published last week, claims that since Netlab’s last report the latest version of Fodcha, version 4, has grown to an unparalleled scale and can now extort cryptocurrency payments in exchange for ceasing a DDoS attack against a victim.

With over 60,000 active nodes and 40 command-and-control (C2) domains, the cybersecurity firm claims Fodcha has grown into a massive botnet that can “easily generate more than 1 Tbps traffic.”

On October 11, 2022, the malware reportedly targeted 1,396 machines in a single day, marking its peak activity.

Also, the botnet has started encrypting its communications with the C2 server. This makes it harder for security experts to study the malware and, eventually, bring down the infrastructure of the botnet.

According to analysts at Netlab, Fodcha makes money by leasing its resources to other threat actors planning DDoS attacks. But in the latest version, the operators are also demanding a ransom in Monero to stop the attacks.

Netlab deciphered DDoS packets and revealed that Fodcha is demanding victims pay 10 XMR (Monero), or about $1,500 as ransom.

These demands are hidden in the DDoS packets sent by the botnet as part of the ‘Data’ section and threaten to keep the attacks going until the money is transferred.

The top countries targeted by the botnet since late May 2022 comprise the United States, China, Russia, Germany, France, the United Kingdom, Singapore, Canada, Japan, and the Netherlands.

Fodcha Target Countries

Prominent victims include hospitals, police departments, and a popular cloud service that was hit with traffic volumes of more than 1 Tbps.

Fodcha’s evolution has incorporated stealth features that encrypt communications with the C2 server and embed ransom demands in attack traffic, making it a more dangerous menace.

According to the cybersecurity firm, “Fodcha reuses most of Mirai’s attack code, and supports a total of 17 attack methods.”

The findings coincide with a new study from Lumen Black Lotus Labs that highlights how CLDAP (Connectionless LDAP over UDP) is increasingly being abused to amplify DDoS attacks.

For more than nine months, a CLDAP service linked to an undisclosed regional retail organization in North America was directing up to 7.8 Gbps of CLDAP traffic toward a wide variety of targets.
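A defender-side illustration of the two behaviours described above, written as an added example for this article (not code from Netlab, Black Lotus Labs or the botnet): it scans constructed flow records for CLDAP responses that dwarf the queries that triggered them, and for flood payloads whose data section carries a Monero ransom demand like the one Netlab decoded. The record layout, the IP addresses and the ransom string are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample flow records (not real traffic), one tuple per packet:
# (src_ip, src_port, dst_ip, dst_port, byte_count, payload).
SAMPLE_FLOWS = [
    # A tiny spoofed CLDAP query to an exposed server on UDP/389 ...
    ("203.0.113.7", 40001, "198.51.100.10", 389, 52, b""),
    # ... answered by a response about 60x larger, sent to the spoofed victim.
    ("198.51.100.10", 389, "203.0.113.7", 40001, 3120, b""),
    # An ordinary, non-amplified CLDAP exchange with another client.
    ("192.0.2.5", 40002, "198.51.100.10", 389, 120, b""),
    ("198.51.100.10", 389, "192.0.2.5", 40002, 180, b""),
    # Flood packets; the first carries a constructed ransom note in its data section.
    ("198.51.100.99", 4444, "203.0.113.7", 80, 1400,
     b"\x00" * 16 + b"Pay 10 XMR to 4A" + b"x" * 93 + b" or the attack continues"),
    ("198.51.100.98", 4445, "203.0.113.7", 80, 1400, b"\x00" * 64),
]

# "<amount> XMR" as written in a demand, and a Monero standard address
# (95 base58 characters starting with 4 or 8).
AMOUNT_RE = re.compile(rb"\b\d+(?:\.\d+)?\s*XMR\b", re.IGNORECASE)
XMR_ADDR_RE = re.compile(rb"\b[48][1-9A-HJ-NP-Za-km-z]{94}\b")

def cldap_amplification(flows, min_ratio=10.0):
    """Return {server_ip: ratio} for hosts whose UDP/389 responses to a peer
    total at least min_ratio times the bytes of the queries from that peer."""
    req = defaultdict(int)   # (server, client) -> query bytes received
    resp = defaultdict(int)  # (server, client) -> response bytes sent
    for src, sport, dst, dport, nbytes, _ in flows:
        if dport == 389:
            req[(dst, src)] += nbytes
        elif sport == 389:
            resp[(src, dst)] += nbytes
    flagged = {}
    for key, out in resp.items():
        ratio = out / req[key] if req[key] else float("inf")
        if ratio >= min_ratio:
            flagged[key[0]] = max(ratio, flagged.get(key[0], 0.0))
    return flagged

def find_ransom_notes(flows):
    """Return (src_ip, matched_text) for payloads containing a Monero demand."""
    hits = []
    for src, _, _, _, _, payload in flows:
        for pat in (AMOUNT_RE, XMR_ADDR_RE):
            m = pat.search(payload)
            if m:
                hits.append((src, m.group(0).decode()))
                break
    return hits

if __name__ == "__main__":
    print(cldap_amplification(SAMPLE_FLOWS))
    print(find_ransom_notes(SAMPLE_FLOWS))
```

An exposed CLDAP responder that shows up in the first function's output is the kind of service Black Lotus Labs found being abused; the second function only confirms that a flood is carrying a demand, it does not tell you who sent it.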

