Derp.ca
← All malware

Bashlite

Also known as: Gafgyt, gayfgt, lizkebab, qbot, torlus

Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.

Last 7 days

Mar 3, 2026
C2 Hosts: 1

Further Reading

Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall

Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt.

unit42.paloaltonetworks.com
Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments

Aqua Nautilus researchers discovered a new variant of Gafgyt botnet targeting machines with weak SSH passwords.

aquasec.com
Could Threat Actors Be Downgrading Their Malware to Evade Detection?

Threat actors modify their malware to evade detection. This blog analyzes modification techniques used by Gafgyt (aka Qbot) malware.

nozominetworks.com
Discovery of Simps Botnet Leads to Ties to Keksec Group

Uptycs' threat research team has discovered a new Botnet named ‘Simps’ attributed to Keksec group primarily focussed on DDOS activities

uptycs.com
Mirai Code Re-use in Gafgyt

Using threat intelligence systems and an in-house osquery-based sandbox, Uptycs' threat research team recently discovered multiple variants of the Linux-based botnet malware family, Gafgyt.

uptycs.com