Forcepoint analyzed the JAKU botnet and found:
- The botnet primarily targeted victims in Korea, Japan, and China and used SQLite databases to manage over 20,000 infected devices.
- It distributed malware through poisoned BitTorrent files, and its command-and-control infrastructure had resilient channels.
- The malware exfiltrated system information, network information, browser history, and files from victims, which were primarily personal computers rather than corporate systems.
- Victim locations were mapped and found to be concentrated in urban areas in Korea, Japan, and parts of Asia and Europe. The number of victims grew rapidly over time.