A new botnet family named HTTPBot has emerged as a critical threat to the Windows ecosystem, leveraging sophisticated HTTP-based distributed denial-of-service (DDoS) attacks to disrupt high-value targets. Developed in Golang, the malware employs a modular design to bypass traditional security measures, using randomized HTTP headers, dynamic URL paths, and cookie manipulation to evade detection. First observed in August 2024, HTTPBot's activity surged in April 2025, with attacks primarily targeting the gaming industry, technology firms, and educational institutions.
According to NSFOCUS Fuying Lab researchers, HTTPBot operates through a multistage attack strategy, using unique "attack IDs" to orchestrate and terminate campaigns programmatically. For example, it dynamically switches between HTTP and HTTPS protocols, adjusts request rates based on server responses, and even launches browser-based attacks using headless Chrome instances. Certain attack modules (e.g., BrowserAttack) activate only on Windows 8+ systems, indicating a tailored approach to maximize impact while minimizing detection. HTTPBot ensures long-term persistence on infected Windows systems through a combination of stealthy execution and registry manipulation.
The botnet's ability to bypass rule-based defenses has raised alarms, prompting calls for upgraded mitigation strategies combining behavioral analysis and elastic infrastructure scaling. As HTTPBot continues to refine its tactics, organizations must prioritize layered defenses that address both protocol-layer subterfuge and application-layer deception.
Unlike conventional botnets that focus on overwhelming bandwidth, HTTPBot aims to cripple transactional systems by exploiting application-layer vulnerabilities. Its "scalpel-like" precision in targeting business-critical interfaces, such as payment gateways and login systems, marks a shift from brute-force traffic floods to strategic resource exhaustion. NSFOCUS analysts noted that HTTPBot's operators have adopted a "low-traffic, high-impact" approach, focusing on sectors reliant on real-time interaction. Over 80 independent targets were impacted in a 15-day period, including gaming platforms like m.doyo.cn and 28jh.com, as well as educational portals such as Tongji Education.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 15 May 2025 08:10:10 +0000