About 1.6 million devices infected by the ‘Pink’ botnet

More than 1.6 million devices, mostly in China, have been infected by a recently discovered botnet named “Pink”, according to security experts. The botnet’s purpose is to perform distributed denial of service attacks and inject advertisements into HTTP websites accessed by users.


According to a blog post from NetLab 360, the Pink botnet operates over both peer-to-peer networks and central command-and-control (C2) servers, and targets mostly MIPS-based fiber routers. The botnet also encrypts the transmission channels to protect the targeted devices from being taken over.

Pink has been found to use DNS-over-HTTPS (DoH), a protocol that performs remote Domain Name System resolution over HTTPS, to connect to a controller specified in a configuration file delivered either via GitHub or Baidu Tieba, or via a built-in domain name hard-coded into some of the samples.

Researchers have also found that the Pink botnet has tried to retain control over the infected devices by monitoring, in real time, the vendor’s repeated attempts to fix the problem, and has made multiple firmware updates on the fiber routers in response.

Another report by Beijing-based cybersecurity company NSFOCUS reveals that more than 96% of the zombie nodes in the “super-large-scale bot network” were located in China. The threat actor exploited zero-day vulnerabilities in network gateway devices to break into the devices and install malicious programs that turned them into zombie machines.

Fortunately, as of July 2020, most of the infected devices have been fixed and returned to normal operation. However, according to the available information, the botnet is still operational and consists of around 100,000 nodes.

With approximately 100 DDoS attacks conducted by the botnet to date, Pink is presently the biggest botnet ever detected. However, it won’t be the last, researchers are warning. These revelations are yet another example of how botnets may provide a formidable infrastructure for malicious actors to undertake various intrusion attempts.

About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
