New Botnet Shows Evolution of Tech and Criminal Culture

When botnet-as-a-service meets social media marketing, you have a threat poised to rapidly spread. That’s precisely what researchers have found in a quickly evolving botnet called Cayosin (Kay-OH-sin), which combines the most dangerous features of multiple previous botnets and makes them available to a broad audience at a low price.

When researchers at Perch were going through customer telemetry last month, they found strings they hadn’t seen before. In looking through the signatures, Perch senior threat researcher Paul Scott found leads on a Reddit forum dedicated to Linux malware that showed Cayosin was “actually a custom piece of malware developed from multiple public sources,” Scott explains. “So it’s kind of a Frankenstein between Qbot, Marai, and a few other pieces of software. The actors kind of cobbled them all together to make a new thing.”

This new thing is a botnet for hire that draws marketing and support techniques from the best of legitimate commercial activity. “They were primarily renting spots or having subscribers sign up for an account when it was still in early development, and they were charging a very low amount of money, like $5 a spot,” Scott says. Since Cayosin has matured and become more full-featured, though, the developing syndicate (or individual) has raised the price.

Read more: Dark Reading