
Cybersecurity researchers are calling attention to a new botnet malware called HTTPBot that has been used mainly to target the gaming industry, as well as technology companies and educational institutions in China.
“In the last few months, it has expanded aggressively, taking advantage of infected equipment to introduce frequent external attacks,” NSFOCUS said in a report published this week. “This crosses traditional rules-based identification mechanisms by employing highly simulated HTTP flood attacks and dynamic feature obfuscation techniques.”
HTTPBot, first spotted in the wild in August 2024, gets its name from its use of the HTTP protocol to launch distributed denial-of-service (DDoS) attacks. Written in Golang, it is something of an anomaly given that it targets Windows systems.
The Windows-based botnet trojan is notable for its use in precisely targeted attacks aimed at high-value business interfaces such as game login and payment systems.
The Beijing-linked company said, “The attack with accuracy poses a systemic threat to the industries that rely on real-time interactions.” “HTTPBot marks a paradigm change in DDoS attacks, from ‘indiscriminate traffic suppression’ to ‘strangle high-accurate trade’.”
HTTPBot is estimated to have issued instructions for less than 200 attacks since the beginning of April 2025, with the attacks aimed at the gaming industry, technology companies, educational institutions and tourism portals in China.
Once installed and run, the malware hides its graphical user interface (GUI) to evade process monitoring by users and security tools in an attempt to increase the stealth of its attacks. It also resorts to unauthorized Windows Registry manipulation to ensure that it runs automatically on system startup.
The botnet malware then establishes contact with a command-and-control (C2) server and waits for instructions to execute HTTP flood attacks against specific targets by sending a high volume of HTTP requests. It supports various attack modules:
- BrowserAttack, which involves using hidden Google Chrome instances to mimic legitimate traffic while exhausting server resources
- HttpAutoAttack, which uses a cookie-based approach to accurately simulate valid sessions
- HttpFpDlAttack, which uses the HTTP/2 protocol and opts for an approach that attempts to increase the CPU load on the server
- WebSocketAttack, which uses “ws://” and “wss://”
- PostAttack, which forces the use of HTTP POST to conduct the attack
- Cookie
“DDoS botnet families collect on Linux and IoT platforms,” said NSFOCUS. “However, the HTTPBot botnet family has specifically targeted the Windows platform.”
“Bypassing the protocol layers deeply and mimicking the valid browser behavior, the protocol relying by HTTPBot is bypassing the rescue on the integrity.