- A hacker ran a network of bots that compromised more than 10,000 devices for years, seemingly for one purpose: to download anime videos.
- The botnet, called Cereals, went mostly undetected for 7 years because it served such a narrow purpose and used just a single exploit, according to a report from cybersecurity firm Forcepoint.
- Researchers at Forcepoint traced the bot activity back to a single user in Germany, who was using malicious code to fraudulently log into websites and retrieve direct links to anime.
One alternative to paying top dollar for streaming content: Set up a sprawling network of bots that take over devices, fraudulently log into websites, and download videos for you.
According to the report, one hacker built a botnet over the course of nearly 8 years that used malicious code to take over internet of things devices for the sole purpose of downloading anime videos. At its peak, the botnet compromised over 10,000 devices.
Botnets are a scourge for cybersecurity firms because of their resilience and ability to evade detection. They’re typically used to steal information or bring down servers with coordinated attacks, and some of the most infamous botnets have been active for much of the past decade.
But the anime-focused botnet, called Cereals, evaded detection for so long because it seemingly served a narrow purpose and used just one exploit, according to Forcepoint.
“We were also hoping for exceptions amongst the heaps of Anime related requests, but either there is none, or it wasn’t routed through our honeypots. We had to conclude that this is either a simplistic Hobby-VPN-Based-Web-Crawler project of someone or there is a hidden agenda behind the scenes that we lack the evidence of,” Forcepoint researcher Robert Neumann wrote.
Forcepoint tracked the botnet back to an IP address in Germany, and noted that the creator’s name is logged in some of the malicious code as “Stefan.” According to Forcepoint, the anime-harvesting botnet is now on the decline after a different ransomware strain wiped it from most devices in 2019.
In the past, botnets have been used as weapons to take websites offline. Hackers write malicious code designed to take over internet-connected devices with poor security, then mobilize thousands of zombie devices to request information from a specific server at once, temporarily overwhelming the site in what’s known as a DDoS attack.
One of the most damaging botnets in recent years, Mirai, was started by a Rutgers University student to take down competing servers in Minecraft. After the creator posted Mirai’s source code on hacker forums, it was taken over by more sophisticated actors who used it to temporarily paralyse millions of computers across the East Coast.