New Golang-based Zergeca Botnet appeared in the threat landscape


Researchers at the QiAnXin XLab team uncovered a new Golang-based botnet called Zergeca that can carry out distributed denial-of-service (DDoS) attacks.

In May 2024, the researchers detected a suspicious ELF file at /usr/bin/geomi that was uploaded from Russia to VirusTotal. The file was packed with a modified UPX and had a unique magic number, 0x30219101; however, it wasn’t flagged as malicious. A similar file was uploaded from Germany the same day, and the experts then discovered multiple uploads from different countries. The analysis revealed the file to be a Golang-based botnet. The botnet was named “Zergeca” due to its C2 string “ootheca,” reminiscent of the Zerg swarming in StarCraft.
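For defenders who want to hunt for the packer trait described above, the following added example (not code from XLab or from the original article) triages a file by checking for the ELF header, the stock `UPX!` marker, and the reported magic 0x30219101. The on-disk byte order of that value is not stated on the page, so searching both orders is an assumption, and the sample buffers are constructed for illustration.

```python
import struct
import sys

ELF_MAGIC = b"\x7fELF"
STOCK_UPX = b"UPX!"            # marker left by an unmodified UPX
REPORTED_MAGIC = 0x30219101    # value given in the article
# Assumption: byte order on disk is not stated, so both encodings are searched.
CANDIDATES = {
    "little-endian": struct.pack("<I", REPORTED_MAGIC),
    "big-endian": struct.pack(">I", REPORTED_MAGIC),
}

def find_all(data, needle):
    """Return every offset at which needle occurs in data."""
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1)
    return offsets

def triage(data):
    """Flag ELF files that carry the reported magic but no stock UPX marker."""
    result = {"is_elf": data[:4] == ELF_MAGIC, "stock_upx": [],
              "modified_magic": {}, "suspicious": False}
    if not result["is_elf"]:
        return result
    result["stock_upx"] = find_all(data, STOCK_UPX)
    for order, needle in CANDIDATES.items():
        hits = find_all(data, needle)
        if hits:
            result["modified_magic"][order] = hits
    result["suspicious"] = bool(result["modified_magic"]) and not result["stock_upx"]
    return result

# Constructed sample buffers (not real malware): a 64-byte fake ELF header
# followed by either the reported magic or the stock UPX marker.
_HEADER = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 57
SAMPLE_MODIFIED = _HEADER + CANDIDATES["little-endian"] + b"\x00" * 16
SAMPLE_STOCK = _HEADER + STOCK_UPX + b"\x00" * 16
SAMPLE_NOT_ELF = b"MZ" + b"\x00" * 62 + CANDIDATES["little-endian"]

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

A four-byte match can occur by chance in a large binary, so a hit is a lead for further analysis rather than a verdict.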
