Hpingbot Botnet Hides in Pastebin, Launches DDoS Attacks

A newly identified botnet dubbed Hpingbot Botnet Hidesnaturally has emerged as a sophisticated threat, leveraging legitimate platforms to evade detection and deliver powerful DDoS attacks. First discovered in June 2025, the malware uses the Go programming language and targets both Windows and Linux/IoT systems across various architectures.

Unlike variants derived from known botnet families, this cross-platform malware operates with unique infrastructure. The Hpingbot Botnet Hidesnaturally integrates the hping3 network diagnostic tool to launch over ten types of DDoS vectors, including SYN, UDP and TCP floods. Attackers mainly target Germany, though incidents in the U.S. and Turkey have also been recorded.

Analysts at NSFOCUS tracked its payload delivery via Pastebin, where the malware retrieves dynamic shell scripts and IP addresses through embedded URLs. This design allows attackers to update payloads stealthily and maintain persistence. Read the full official article for more details on this evolving threat:

New Hpingbot Abusing Pastebin for Payload Delivery and Hping3 Tool to Launch DDoS Attacks