New botnet targets gaming servers via misconfigured Jenkins

As reported by HackRead, a new distributed denial-of-service (DDoS) botnet campaign has been detected, specifically targeting online gaming infrastructure. The campaign was identified by Darktrace's CloudyPots honeypot network on March 18, 2026, after observing attempts to exploit a misconfigured Jenkins server.

The attackers gained initial access by abusing the scriptText endpoint of the Jenkins server, achieving remote code execution (RCE) through a Groovy script. This script was designed to deploy a botnet capable of infecting both Windows and Linux systems. On Windows, a file named w.exe was downloaded, renamed, and executed, opening TCP port 5444 for command and control. Linux systems received a Bash script that dropped a binary named bot_x64.exe into the /tmp directory. All malicious traffic traced back to a single IP address in Vietnam, owned by Webico.
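For defenders, requests to the scriptText endpoint are the earliest visible sign of this access path. The following is an added example, not code from the original report or from Darktrace: it scans a web access log for scriptText requests and separates those the server accepted from those it refused. It assumes Jenkins sits behind a reverse proxy that writes combined-format access logs; the sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [18/Mar/2026:10:02:11 +0000] "GET /login HTTP/1.1" 200 2101 "-" "Mozilla/5.0"
203.0.113.45 - - [18/Mar/2026:10:02:14 +0000] "POST /scriptText HTTP/1.1" 200 87 "-" "python-requests/2.31"
203.0.113.45 - - [18/Mar/2026:10:02:19 +0000] "POST /script%54ext?x=1 HTTP/1.1" 200 12 "-" "python-requests/2.31"
192.0.2.10 - - [18/Mar/2026:10:05:00 +0000] "POST /computer/(built-in)/scriptText HTTP/1.1" 403 512 "-" "curl/8.5.0"
198.51.100.7 - - [18/Mar/2026:10:06:30 +0000] "GET /job/app/scriptTextual HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Anchored on the final path segment so /scriptTextual does not match.
CONSOLE_RE = re.compile(r'(?:^|/)scriptText/?$')


def find_script_console_hits(log_text):
    """Return one dict per request that reached a scriptText endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        # Drop the query string and decode percent-escapes before matching.
        path = unquote(m["target"].split("?", 1)[0])
        if not CONSOLE_RE.search(path):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "path": path,
            "status": status,
            # A 2xx response means the endpoint served the request rather than refusing it.
            "verdict": "accepted" if 200 <= status < 300 else "rejected",
        })
    return hits


def accepted_sources(hits):
    """Source IPs whose scriptText requests were accepted, for immediate triage."""
    return sorted({h["ip"] for h in hits if h["verdict"] == "accepted"})


if __name__ == "__main__":
    for hit in find_script_console_hits(SAMPLE_LOG):
        print(hit)
```

Any accepted request from an address that is not a known administrator is a reason to check the host for the artifacts described above, such as an unexpected binary in /tmp or a listener on TCP port 5444.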

The malware employs evasion techniques, renaming itself to blend in with system processes. Its primary objective is to disrupt servers running the Valve Source Engine, which is used in popular games like Counter-Strike and Team Fortress 2, using attack methods such as attack_dayz and targeting specific ports like 27015.

Source: HackRead