Rapper Bot Malware Seized: Alleged Developer Identified and Charged
The U.S. Department of Justice (DoJ) has announced charges against Ethan Foltz, a 22-year-old from Eugene, Oregon, who is alleged to be the developer and administrator of the “Rapper Bot” DDoS-for-hire botnet. Foltz reportedly rented the botnet to cybercriminals targeting various organisations. The botnet was seized on August 6 as part of ‘Operation PowerOff’, following a raid at his residence. The Mirai-based malware botnet, also known as “Eleven Eleven” and “CowBot,” has been operational since at least 2021, infecting tens of thousands of Digital Video Recorders (DVRs) and router devices. The botnet’s firepower ranged from 2 to 6 terabits per second (Tbps), and it has been used to target over 18,000 entities across 80 countries, including U.S. government systems, major media platforms, gaming companies, and large tech firms.
In 2023, Rapper Bot incorporated a cryptomining module to enhance its revenue from compromised devices. Amazon Web Services (AWS) assisted in tracing the botnet’s command and control infrastructure, reporting that since April 2025, Rapper Bot has launched 370,000 attacks, with power levels exceeding 1 billion packets per second (pps) from over 45,000 compromised devices across 39 countries. The DoJ indicated that even brief DDoS attacks could cost victims thousands of dollars and that the attacks often involved extortion. Foltz faces charges of aiding and abetting computer intrusions, which could result in a maximum sentence of ten years in prison if convicted. Currently, he remains free after being issued a summons following the criminal complaint, and there have been no signs of resurgence in Rapper Bot’s malicious activity since the seizure of its infrastructure.