All GTA, all day, since 2012

GTA San Andreas Mods Used To Spread DDoS Botnet

Usually, when talking about mods for Grand Theft Auto games, we're highlighting a particularly noteworthy creation, speaking about how their use in GTA Online is going to get you banned, or reporting that at patch broke them again (none of this in recent times, thankfully). Today, however, it seems a darker side of GTA mods and multiplayer servers for the old games has reared its head.

Players who only play GTA 5 and haven't delved into the older titles, or play on console, shouldn't be affected. However if you enjoy perusing and downloading GTA San Andreas mods, or like playing on custom multiplayer servers for that very game, you should be wary as botnet exploits have wormed their way into certain mods and clients with the intent of using the San Andreas community to spread.

A site which hosts both GTA San Andreas mods and multiplayer servers, alongside paid hacking attacks such as pay-per-attack DDoS services, wove the two businesses together without disclosure. A notorious botnet exploit known as Satori then spread to the systems of those who used mods from the site, as well as those who played on the site's multiplayer servers. The exploits, upon infecting a victim, automatically scan any other potential victims accessible from the newly infected device - other players playing on the server first of all, but once infected, basically any connection can be exploited.

So what does this exploit actually do? You may not notice any direct consequences. It's not your usual kind of virus which messes with the function of your system, logs keys, steals or locks data, tracks use or so on. The botnet exploit basically co-opts your machine for the DDoS attacks the site is offering. For a low price, buyers can have websites overloaded with a flood of fake traffic coming from systems affected by the botnet.

An internet security research firm looked into this iteration of the mentioned Satori variant, called JenX in this particular case, and filed abuse notification. However the service still runs. The website itself isn't particularly functional, but reads "We are back". Business is conducted off-site. The whole botnet exploit is decentralized and as it spreads from target to target shutting it down is difficult.

So what can you do about this? It's pretty simple - don't use or download any GTA San Andreas content affiliated with a site known as San Calvicie, which is hosting the mods, servers and the exploits as well. Stay safe!


Your email address will not be published. Required fields are marked *

Aron Gerencser

Aron Gerencser // Articles: 900

In the site's early beginnings, Aron was responsible for the bulk of the news posts that you'd find on GTA BOOM each and every day. He loves getting involved with the community and is an avid fan of all things Rockstar Games. Since then, Aron has become an editor across all the content that is posted on GTA BOOM. His journey with the franchise began with GTA 2 back when it was new (all the way back in 1999), and he was a gamer even before then. Graduating summa cum laude from Università degli Studi Guglielmo Marconi with a BA in Media Production, Aron has been a game journalist since 2014. When not writing, editing or playing, Aron is building models which you can find on Instagram and Facebook.