Sign In

Communications of the ACM

ACM TechNews

Kaiji Malware Targets IoT Devices Via SSH Brute-Force Attacks


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Mapping Kaiji malware outbreaks.

A new strain of malware was created to infect Linux-based servers and smart Internet of Things devices.

Credit: ZDNet

Researchers at Intezer Labs have discovered a new strain of malware that was specifically built to infect Linux-based servers and smart Internet of Things (IoT) devices.

The Kaiji malware is written in the Go programming language—rather than C or C++, the two languages in which most modern IoT malware is coded.

The botnet is currently incapable of using exploits to infect unpatched devices. Instead, Kaiji executes brute-force attacks against IoT devices and Linux servers that have left their SSH port exposed on the Internet.

After it gains access to a device's root account, Kaiji uses the device in three ways: for distributed denial of service (DDoS) attacks; to carry out more SSH brute-force attacks against other devices, and to steal any local SSH keys and spread to other devices the root account has managed in the past.

From ZDNet
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found