You’ve heard of “be gay, do crimes” — now, get ready for “be Gayfemboy, do malware.”
Cybersecurity experts are warning of a surge in attacks from a malware strain known as “Gayfemboy,” which was first identified last February. An offshoot of the Mirai botnet malware, Gayfemboy quietly infiltrates systems in order to take them over from the inside and use their hardware to mount distributed denial of service (DDoS) attacks on other sites and servers, according to a new analysis from cybersecurity firm Fortinet.
The malware’s proliferation already led to hundreds of DDoS attacks as of January, Security Affairs reported earlier this year, and Fortinet reported that “Gayfemboy” attacks surged again beginning in July. Per a Broadcom alert this week, systems in multiple industries have now been compromised in at least seven countries: Brazil, France, Germany, Israel, Mexico, Switzerland, the United States, and Vietnam. Many of the most recent attacks targeted people using XMRig, a cryptocurrency miner, Security Online noted, while previous iterations exploited vulnerabilities in certain types of internet routers.
Whoever is behind the malevolent “Gayfemboy,” however, it’s pretty clear they — if not their victims — are having a lot of fun. As Fortinet explained, after the malware is successfully executed on an infected system, it displays the string “twinks :3” before moving on. The program also uses “meowmeow” as a string to trigger backdoor access to a system, and when connecting a computer to its command-and-control infrastructure, it uses domains with names like “i-kiss-boys,” “furry-femboys,” and “twinkfinder.”