The malware is called InterPlanetary Storm and has been active since May 2019.
The malware is based on building a huge botnet that targets user machines globally in about 84 countries but predominantly from Asia. In fact, 59% of the 13500 infected machines come from only 3 countries: Hong Kong, South Korea, and Taiwan.
The malware is basically targeting the IoT devices around the globe so that it can use them in future for launching and hosting various other cyber attacks. The cyber attacks can include crypto-mining, distributed denial of service (DDoS) attacks, and other vectors that make use of large scale machines.
Brute-forcing SSH servers are being used by malware to gain access to Android Debug Bridge servers. Malware was also found to kill system processes that can threaten its running like debugging processes. Malware also includes an auto-update feature in its code.
NPAV recommends two procedures of saving yourself from InterPlanetary Storm. The first one is to make your SSH servers much more secure through mechanisms such as replacing passwords with keys. Secondly, a cloud security management tool which could help monitor the access of different users to SSH.
Install NPAV on your devices to protect them from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.