# Gayfemboy

**Gayfemboy** is a malware strain that infects corporate electronics, including devices from DrayTek, TP-Link, Raisecom, and Cisco, by exploiting known vulnerabilities (CVEs). It has affected companies in Brazil, France, Germany, Israel, Mexico, the United States, Switzerland, and Vietnam, and is impacting sectors such as construction, manufacturing, technology, and media/communications.

## History

The malware was first discovered in February 2024 by security researchers at Fortinet, after a large number of attacks in January in which Gayfemboy used the infected machines as a botnet to launch a wave of DDoS attacks against target websites. Known samples were packed with UPX, but the “UPX!” header was replaced with the non-printable bytes “10 F0 00 00” (hexadecimal), making detection harder. Upon execution, the malware inspects the path of each process via “/proc/[PID]/exe” to gather information about active processes and their locations in the file system. It loads 47 command strings into memory and reviews all entries in “/proc/[PID]/cmdline”. If a match is found, it terminates

…

*Source: [Wikipedia](https://en.wikipedia.org/wiki/Gayfemboy)*
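Added example, not from the Wikipedia article or from Fortinet's research: a triage check for the header change described above, which reads the four bytes where UPX normally stores its “UPX!” magic in an ELF file and reports whether they were replaced with “10 F0 00 00”. It assumes UPX's usual ELF layout, in which the `l_info` block directly follows the program headers with the magic as its second 32-bit field; the function names and the sample builder are hypothetical.

```python
import struct

UPX_MAGIC = b"UPX!"
PATCHED_MAGIC = bytes.fromhex("10F00000")  # replacement bytes reported on this page


def l_info_magic(data: bytes):
    """Return the 4 bytes where UPX's l_info magic would sit, or None if unparsable."""
    if len(data) < 0x40 or data[:4] != b"\x7fELF":
        return None
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    endian = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    if is64:
        e_phoff = struct.unpack_from(endian + "Q", data, 0x20)[0]
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x36)
    else:
        e_phoff = struct.unpack_from(endian + "I", data, 0x1C)[0]
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x2A)
    # Assumption: l_info follows the program headers; skip its 4-byte l_checksum.
    off = e_phoff + e_phentsize * e_phnum + 4
    magic = data[off:off + 4]
    return magic if len(magic) == 4 else None


def classify(data: bytes) -> str:
    """Label a file by the bytes found at the expected UPX magic position."""
    magic = l_info_magic(data)
    if magic is None:
        return "not-elf-or-truncated"
    if magic == UPX_MAGIC:
        return "upx"
    if magic == PATCHED_MAGIC:
        return "upx-magic-patched"
    return "no-upx-header"


def sample_elf(magic: bytes, is64: bool = True) -> bytes:
    """Constructed test input: bare ELF header, zeroed program headers, l_info stub."""
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1, 1]) + bytes(9)
    if is64:
        hdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 3, 0, 0, 0)
        phdrs = bytes(56 * 3)
    else:
        hdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 2, 0, 0, 0)
        phdrs = bytes(32 * 2)
    l_info = bytes(4) + magic + bytes(4)     # l_checksum, l_magic, size/version/format
    return ident + hdr + phdrs + l_info
```

A match on four bytes at one offset is a triage signal for closer analysis, not proof that a file is this malware.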

---

## Metadata

- **URL:** https://wpsearchai.com/gayfemboy/
- **Published:** 2026-01-28T18:52:46+00:00
- **Modified:** 2026-01-28T18:52:46+00:00
- **Author:** admin
- **Categories:** Internet of things
