‘GayFemBoys’ are coming for your computer.
Well, kind of. Experts have told Metro that a strain of malware named after the term for feminine men has attacked hundreds of devices.
Once the malicious piece of software has successfully infected a server, the programme displays the word, ‘twink :3’, slang for a young gay man.
GayFemBoy was first identified last February and by November, had infected 15,000 devices, according to Security Affairs.
Hundreds of victims had been recorded by January, and cases surged in July, a new analysis by the threat analysis platform FortiNet found.
The malware isn’t picky – multiple industries such as manufacturing, technology and communications have had their systems compromised.
They include victims in the US, Brazil, France, Germany, Israel, Mexico, Switzerland and Vietnam, according to Broadcom.
No one knows who is behind the malware, but they mainly target people using the cryptocurrency miner XMRig.
How does ‘GayFemBoy’ work?
The malware mainly targets routers, your phone and your laptop’s gateway into the internet.
Routers might not sound like a good target for cyber criminals, but unlike phones or computers, routers are very rarely switched off.
These devices also don’t have the best security, with easy-to-guess default passwords or outdated software, allowing hackers to slip malware in them, explained Kev Breen, the senior director of cyber threat research at cyber threat firm Immersive.
‘These devices provide a stealthy and persistent place for an attacker to reside,’ Breen told Metro.
Once inside the router, GayFemBoy’s string – the text in the malware’s code – displays the word ‘meowmeow’.
Sadly, this isn’t when you suddenly get a free cat out of this hack – this word instead hands a sledgehammer to GayFemBoy to break down the device’s backdoor to let hackers hijack it.
Criminals can then connect their computers and control the router, using domains with names like ‘i-kiss-boys,’ ‘furry-femboys,’ and ‘twinkfinder’.
You’d unlikely know this is even happening to your router, given that the malware renames its files and hibernates for up to 27 hours, so anti-malware tools can’t detect it.
The goal is to drag the router into a network of thousands of remotely controlled, malware-infected zombie devices called a botnet, explained Pieter Arntz, a malware intelligence researcher at the antivirus company Malwarebytes.
‘These botnets use known vulnerabilities in internet-connected network equipment as hosts for their code and to infect other “nearby” devices,’ Arntz told Metro.
‘Botnet operators are often in a silent war with each other, constantly vying for control over vulnerable devices.
‘If hackers hijack enough of these devices, they can build a large botnet capable of generating significant volumes of traffic, overwhelming the target server or network that real users can’t get through, knocking websites or services offline for hours at a time.’
Hackers also use botnets to send ‘massive amounts’ of spam and phishing scams, as well as generate fake clicks for shoddy ads for quick cash.
Many users of infected machines have no idea their devices are part of a botnet army, making the shady networks tricky to shut down, says Aras Nazarovas, a senior information security researcher at Cybernews.
‘This disrupts the digital lives we depend on every day. But it doesn’t stop there,’ she told Metro.
‘Our trusted technology can be turned into tools for harm as these hijacked devices can also be used to steal sensitive personal information, spread ransomware, mine cryptocurrencies without consent, or launch large-scale cyberattacks that disrupt critical services.’
Fortinet has classified GayFemBoy malware as a high-severity threat.
Nazarovas said that the recent surge of GayFemBoy attacks shows that our gadgets aren’t as ironclad as we might think.
‘Manufacturers must bake security into the design, enterprises must treat IoT vulnerabilities like ticking time bombs, and users need to get serious about the devices they plug into their lives,’ she said.
‘Staying ahead means relentless vigilance and smarter collaboration between defenders and researchers.’
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.
