Hackers behind new botnet also host a GTA: San Andreas server

Researchers discover a botnet, called JenX, linked to a hacking group that also hosts servers for Grand Theft Auto mods.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

The hosts of a GTA: San Andreas server have created a botnet called JenX that customers can buy and use for $20.

Illustration by CNET's Alfred Ng / GTA:San Andreas art by Rockstar / Ad image via Radware

Call it Grand Theft Bot-o.

Researchers from security company Radware have discovered a new botnet designed to take advantage of weak internet-of-things devices spread around the world. The botnet, which Radware calls JenX, uses the same techniques and code as the Mirai botnet, a massive network of hacked devices that caused an internet outage across the US in 2016.

Botnets are networks of devices hijacked by hackers, who can then use them to attack servers, send spam emails or mine for cryptocurrency. Often they're used for distributed denial-of-service attacks, which flood servers with so much traffic that it forces them to go offline.

Radware's researchers said JenX is linked to San Calvicie, a hacking group with a server located in Seychelles, a small island country off the coast of eastern Africa. But the hacking group does more than just DDoS attacks: It also hosts a Grand Theft Auto: San Andreas server.

The botnet's host server was traced back to San Calvicie's website, which offers hosting for the Rockstar Games title, released in 2004. Players create mods for the 14-year-old game and host them online so others can join in. San Calvicie offers servers for hosting GTA: San Andreas, as well as protection against DDoS attacks, for $16 a month.

At the same time, the group is also offering DDoS attacks on demand for $20, under the name "Corriente Divina," or "Divine Stream." The advertisement reads, "God's wrath will be employed against the IP that you provide us."

The group originally offered the volume of attacks at 100Gbps, but tripled it to 300Gbps after it started building the JenX botnet on Monday. Radware's researchers said JenX is a lot stealthier than the Mirai botnet, and it's hard to determine how many devices are hijacked unless you're the target of the attack.

It does have the potential to reach hundreds of thousands of devices, Radware noted.

"A customer would use this service to attack competing servers that are hosted by other providers," said Pascal Geenens, a security researcher at Radware.

The post also said the botnet could take down OVH, a French cloud hosting provider that Mirai attacked in 2016.

JenX echoes Mirai in having a connection between online gaming servers and on-demand DDoS attacks. The hackers behind Mirai had a deep interest in Minecraft and originally created their botnet to attack competing servers hosting the game. A group of researchers from Google, Akamai, Cloudflare and several universities, meanwhile, has noted that part of the Mirai-driven internet outage stemmed from an attack on PlayStation Network servers.

Take-Two Interactive, the parent company of Rockstar, did not immediately respond to a request for comment.
