Oregon Man Charged Over Massive Rapper Bot Cyberattack Network - 1

Image by Road Ahead, from Unsplash

Oregon Man Charged Over Massive Rapper Bot Cyberattack Network

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A 22-year-old man from Oregon has been charged with running one of the world’s most powerful cyberattack tools, known as “Rapper Bot.”

In a rush? Here are the quick facts:

  • Over 370,000 attacks targeted 18,000 victims in 80 countries.
  • Attacks reached 2–6 terabits per second, causing $500–$10,000 losses.
  • Rapper Bot’s creator faces up to 10 years if convicted of computer intrusions.

Ethan Foltz, a resident of Eugene, Oregon, has been accused by prosecutors of creating and running a botnet that spread to tens of thousands of internet-connected devices.

These devices, which ranged from DVRs to Wi Fi routers, were then hijacked to carry out attacks on websites and servers around the globe. Essentially, once a device was compromised, it became a soldier in a massive digital army launching coordinated assaults that overwhelmed their targets, known as Distributed Denial of Service attacks.

According to court documents, Rapper Bot, also called “Eleven Eleven Botnet” and “CowBot”, has been active since 2021, carrying out more than 370,000 attacks against 18,000 victims across 80 countries. Victims included U.S. government systems, major social media platforms, gaming companies, and large tech firms.

The attacks often reached speeds of 2 to 3 terabits per second, with the largest possibly exceeding 6 terabits. Even short attacks lasting just 30 seconds could cost victims between $500 and $10,000. Authorities also say some Rapper Bot customers used it to extort money, threatening to unleash devastating attacks unless victims paid up.

“Rapper Bot was one of the most powerful DDoS botnets to ever exist, but the outstanding investigatory work by DCIS cyber agents and support of my office and industry partners has put an end to Foltz’s time as administrator and effectively disrupted the activities of this transnational criminal group,” said U.S. Attorney Michael J. Heyman.

Special Agent Kenneth DeChellis of the Defense Criminal Investigative Service added: “The Rapper Bot malware was a clear threat, and the focused efforts of DCIS, our industry partners, and the federal prosecutors at the U.S. Attorney’s Office in Alaska, sends a clear signal to those who would harm the DoD’s personnel, infrastructure, and intellectual property, that their actions will come at a cost.”

Foltz has been charged with aiding and abetting computer intrusions, which carries up to 10 years in prison if convicted.

Free AI Website Tool Becomes A Favorite for Hackers - 2

Image by Boitumelo, from Unsplash

Free AI Website Tool Becomes A Favorite for Hackers

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Hackers are abusing AI website tool Lovable to develop fake websites that duplicate trusted companies to steal passwords, financial information and cryptocurrency.

In a rush? Here are the quick facts:

  • Proofpoint found tens of thousands of fake Lovable URLs monthly since February 2025.
  • Scams mimic Microsoft logins, UPS deliveries, and even crypto platforms.
  • Victims risk stolen passwords, financial data, and drained digital wallets.

The AI website builder Lovable has become a preferred tool for cybercriminals who use it to create fake websites for phishing and malware attacks, according to Proofpoint research .

The free website builder service allows users to create sites through text prompts, however cybercriminals use it to create fake websites that impersonate major brands. This allows them to steal personal and financial data, as well as drain cryptocurrency wallets.

“The barrier to entry for cybercriminals has never been lower,” Proofpoint researchers wrote.

Researchers say tens of thousands of malicious ‘lovable[.]app’ URLs have been detected in email threats each month since February 2025.

Proofpoint describes how in a major campaign, attackers used CAPTCHA puzzles to direct victims toward fake Microsoft login pages that stole passwords, multifactor authentication tokens, and cookies using the Tycoon phishing kit. In another campaign, the attackers used fake UPS shipping notifications to steal payment information, which they then transmitted to criminal Telegram accounts.

Malware delivery has also been observed. In July, Proofpoint found a German-language campaign that used Lovable to host a fake download site, ultimately tricking victims into installing malicious software.

Lovable, which was also flagged by Guardio earlier this year, says it is responding. The company confirmed that it matched Proofpoint’s findings with malicious activity its own team had discovered.

“In July 2025, Lovable introduced both real-time detections to prevent creation of malicious websites as users prompt the tool, and automated daily scanning of published projects to flag potentially fraudulent projects,” the company said as reported by Proofpoint. Additional protections to detect fake accounts are planned for later this year.

Proofpoint concludes that while AI tools like Lovable can help legitimate users build websites, their misuse highlights how AI “can significantly lower the barrier to entry for cybercriminals.”