jackskid
JackSkid is a Mirai-variant botnet used for distributed denial-of-service operations and offered through a cybercrime-as-a-service model. Reporting cited here states that U.S., Canadian, and German law enforcement disrupted its command-and-control infrastructure alongside the Aisuru, KimWolf, and Mossad botnets by seizing domains, virtual servers, IP addresses, and related infrastructure. The botnets collectively compromised millions of internet-connected devices, and JackSkid alone was reported to have launched about 90,000 DDoS attacks.
The content describes JackSkid as targeting internet-connected devices and being able to infect devices traditionally hidden behind firewalls. The broader botnet cluster hijacked devices such as home Wi‑Fi routers, digital video recorders, security cameras, SOHO routers, and Android TV boxes, and was used both for DDoS attacks and proxy-style criminal services. The operators reportedly rented access to the botnet on cybercrime forums.
One source in the provided content further characterizes JackSkid as a newly identified Mirai derivative active in late 2025, with propagation via brute force and claimed zero-day exploitation, adaptive exploit chaining, Rust-based cross-architecture modules for ARM, MIPS, and x86, anti-analysis features, IRC-like C2 over TCP/34125 with XOR encryption, and additional monetization through crypto-mining and data exfiltration. However, these technical details appear only in a single provided report and should be treated with caution.
Known alias in the provided content: jackskid / JackSkid. JackSkid is presented as a botnet rather than a named nation-state actor, and no high-confidence nation-state attribution is directly supported by the content.
Tradecraft
10 distinct techniques observed across reporting, grouped by tactic.
Recent activity
6 sources tracked across advisories, community write-ups, and news.
Named botnet network disrupted by the US Department of Justice.
Botnet used for large-scale DDoS attacks; described as particularly sneaky because it could infect devices traditionally hidden behind firewalls and was rented to other hackers.
Botnet operation involved in DDoS activity; the content says JackSkid was responsible for about 90,000 DDoS attacks.
Botnet involved in distributed-denial-of-service attacks using infected Internet-of-Things devices worldwide.