Security researchers have identified a new IoT botnet, Dark Nexus, surfacing in the wild.
The compromised devices are used to launch DDoS attacks against third-party targets. Dark Nexus spreads through credential-stuffing attacks (brute-forcing Telnet logins) against devices such as routers, video recorders and thermal cameras, recruiting them into the botnet. Around 1,372 bots have been observed, located mainly in China, South Korea, Thailand, Brazil and Russia.
The core modules of the botnet are mostly original and are frequently updated, with over 30 versions released between December 2019 and March 2020. The botnet's infrastructure consists of several command-and-control (C2) servers, which issue remote commands to the infected bots, and reporting servers, to which the bots send details about the vulnerable services they discover.
Once a brute-force login succeeds, the bot reports the device to the C2 server, including its CPU architecture. A custom infection payload matching that architecture is then delivered over Telnet; it downloads the bot binary and other malware components from a hosting server and executes them.
Dark Nexus also includes commands that prevent the device from being rebooted, since a reboot would typically clear a bot that lives only in memory: it stops the device's cron service and strips privileges from the binaries that could be used to reboot the device.
NPAV recommends that users keep their security software and protective measures up to date so that they can defend against the latest threats surfacing in the wild.
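The anti-reboot tampering described above leaves indicators a defender can check for on a Linux/BusyBox device or on a mounted root filesystem image. The script below is an added example written for this page; it is not code from Bitdefender, NPAV or the botnet itself. It assumes that "removing privileges" means the execute bit was stripped from reboot-capable binaries (an interpretation, not something the page states), and the list of binary paths, the cron process names and the constructed sample tree it builds under a temporary directory are all assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the page's or NPAV's code): triage checks for the
# anti-reboot tampering attributed to Dark Nexus. Run on the device, or point
# the functions at a mounted firmware/rootfs image.

# Assumed list of reboot-capable binaries, relative to the root being checked.
REBOOT_BINS="sbin/reboot sbin/shutdown sbin/halt sbin/poweroff bin/busybox"

# Print every binary from REBOOT_BINS that exists under ROOT but is no longer
# executable. Returns 1 if at least one was found, 0 if all are intact.
check_reboot_bins() {
    root="${1%/}"
    found=0
    for rel in $REBOOT_BINS; do
        f="$root/$rel"
        [ -e "$f" ] || continue          # absent on this device: nothing to judge
        if [ ! -x "$f" ]; then
            echo "TAMPERED: $f has lost its execute bit"
            found=1
        fi
    done
    return $found
}

# Look for a running cron daemon by reading the process name (comm) of every
# PID under the given proc root (default /proc). Returns 0 if a cron daemon is
# present, 1 if none is, so a missing cron on a device that normally runs one
# is a second indicator. The proc root is a parameter so the check can be run
# against a constructed tree.
check_cron_running() {
    proc="${1:-/proc}"
    for comm in "$proc"/[0-9]*/comm; do
        [ -r "$comm" ] || continue
        case "$(cat "$comm" 2>/dev/null)" in
            crond|cron) return 0 ;;
        esac
    done
    return 1
}

# Run both checks and summarise. Returns 1 if either indicator fired.
triage() {
    root="$1"; proc="$2"; rc=0
    check_reboot_bins "$root" || rc=1
    if check_cron_running "$proc"; then
        echo "cron daemon: running"
    else
        echo "SUSPICIOUS: no cron daemon found"
        rc=1
    fi
    return $rc
}

# Demo on a constructed sample tree (assumption: a minimal BusyBox-like layout)
# so the script runs offline. Replace with triage / /proc on a real device.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/sbin" "$t/proc/42"
    printf '#!/bin/sh\n' > "$t/sbin/reboot";   chmod 755 "$t/sbin/reboot"
    printf '#!/bin/sh\n' > "$t/sbin/shutdown"; chmod 644 "$t/sbin/shutdown"  # execute bit stripped
    echo "sh" > "$t/proc/42/comm"                                             # no crond present
    triage "$t" "$t/proc"
    echo "triage exit status: $?"
    rm -rf "$t"
}

demo
```

On a real device the call is simply `triage / /proc`; the functions deliberately skip binaries that do not exist so the check does not false-alarm on firmware that never shipped them.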
Use NPAV and join us on a mission to secure the cyber world.