For 8 years, a hacker operated a massive IoT botnet just to download Anime videos
For almost eight years, a hacker has silently hijacked D-Link NVRs (network video recorders) and NAS (network-attached storage) devices into a botnet that had the sole purpose of connecting to online websites and download anime videos. Named Cereals and first spotted in 2012, the botnet reached its peak in 2015 when it amassed more than 10,000 bots.
However, despite its size, the botnet operated without detection from most cyber-security firms. Currently, Cereals is slowly disappearing, as the vulnerable D-Link devices on which it fed all these years have started aging and are being decommissioned by their owners. Further, the botnet's decline was also accelerated when a ransomware strain named Cr1ptT0r wiped the Cereals malware from many D-Link systems in the winter of 2019.
Now that both the botnet and the vulnerable devices behind it are dying out, cyber-security firm Forcepoint published a report on the botnet's past operations, without fear that its report could draw attention to vulnerable D-Link systems and spark a new series of attacks from other botnets.