‘Gayfemboy’ virus is raising a secret bot army without you even realising – Bundlezy

‘GayFemBoys’ are coming for your computer.

Well, kind of. Experts have told Metro that a strain of malware named after the term for feminine men has attacked hundreds of devices.

Once the malicious piece of software has successfully infected a server, the programme displays the word, ‘twink :3’, slang for a young gay man.

GayFemBoy was first identified last February and by November, had infected 15,000 devices, according to Security Affairs.

Hundreds of victims had been recorded by January, and cases surged in July, a new analysis by the threat analysis platform Fortinet found.

The malware isn’t picky – multiple industries such as manufacturing, technology and communications have had their systems compromised.

They include victims in the US, Brazil, France, Germany, Israel, Mexico, Switzerland and Vietnam, according to Broadcom.

No one knows who is behind the malware, but they mainly target people using the cryptocurrency miner XMRig.

How does ‘GayFemBoy’ work?

The malware mainly targets routers, the gateway to the internet for your phone and your laptop.

Routers might not sound like a good target for cyber criminals, but unlike phones or computers, routers are very rarely switched off.

These devices also don’t have the best security, with easy-to-guess default passwords or outdated software that allow hackers to slip malware into them, explained Kev Breen, the senior director of cyber threat research at cyber threat firm Immersive.

‘These devices provide a stealthy and persistent place for an attacker to reside,’ Breen told Metro.

Once inside the router, GayFemBoy’s string – the text in the malware’s code – displays the word ‘meowmeow’.

Sadly, this isn’t when you suddenly get a free cat out of this hack – this word instead hands a sledgehammer to GayFemBoy to break down the device’s backdoor to let hackers hijack it.

Criminals can then connect their computers and control the router, using domains with names like ‘i-kiss-boys,’ ‘furry-femboys,’ and ‘twinkfinder’.

You’d be unlikely to know this is even happening to your router, given that the malware renames its files and hibernates for up to 27 hours, so anti-malware tools can’t detect it.

The goal is to drag the router into a network of thousands of remotely controlled, malware-infected zombie devices called a botnet, explained Pieter Arntz, a malware intelligence researcher at the antivirus company Malwarebytes.

‘These botnets use known vulnerabilities in internet-connected network equipment as hosts for their code and to infect other “nearby” devices,’ Arntz told Metro.

‘Botnet operators are often in a silent war with each other, constantly vying for control over vulnerable devices.

‘If hackers hijack enough of these devices, they can build a large botnet capable of generating significant volumes of traffic, overwhelming the target server or network so that real users can’t get through, knocking websites or services offline for hours at a time.’

Hackers also use botnets to send ‘massive amounts’ of spam and phishing scams, as well as generate fake clicks for shoddy ads for quick cash.

Many users of infected machines have no idea their devices are part of a botnet army, making the shady networks tricky to shut down.

Fortinet has classified GayFemBoy malware as a high-severity threat.

GayFemBoy is bad news for people as well as organisations, warned Breen.

‘Small businesses and home users usually do not have the means to provide adequate monitoring and protection for these devices,’ he said.

People have been urged to keep their routers updated to keep the devices secure from malware attacks.

Breen added: ‘These internet-connected devices don’t frequently receive updates, and where updates are released, it’s up to individuals to know that an update is available and to proactively update.’
