Info-tech

Now, cyber criminals target IoT devices with a new malware

Prashasti Awasthi Mumbai | Updated on October 11, 2020 Published on October 04, 2020

Barracuda researchers believe that a new malware is targeting IoT devices such as TVs, that run on Android operating systems, and Linux-based machines

Barracuda Networks, a provider of cloud-enabled security solutions, have detected a new variant of the InterPlanetary Storm malware that has been targeting Mac and Android devices in addition to Windows and Linux machines.

According to the researchers of the company, the malware is building a botnet that includes roughly 13,500 infected machines located in 84 different countries around the world.

The researchers claimed that the number continues to grow. The majority of the machines infected by the malware are located in Asia.

The first variant of Interplanetary Storm, which targeted Windows machines, was uncovered in May 2019. Its capability of attacking Linux machines was reported in June this year, as per the official release of the company.

This new variant, which Barracuda researchers detected in late August, is targeting IoT devices, such as TVs that run on Android operating systems, and Linux-based machines, such as routers with ill-configured SSH service.

The report further stated that the new InterPlanetary Storm malware uses the InterPlanetary File System (IPFS) p2p network and its underlying libp2p implementation. These are used to access machines and spreads using SSH (Secure Shell) brute force and open ADB ports, similar to its peer FritzFrog malware.

This allows infected nodes to communicate with each other directly or through other nodes. Written in the Go (Golang) programming language, malware detects the CPU architecture and running OS of its victims, and run on ARM-based machines, an architecture that is quite common with routers and other IoT devices. The malware also enables reverse shell and can run a bash shell.

Barracuda researchers have found several unique features that help the malware persist once it has infected a machine. It detects the computer security mechanism, honeypots, auto-updates itself, tries to persist itself by installing a service using a Go daemon package.

It also kills other processes on the machine that pose a threat to the malware, such as debuggers and competing malware, researchers added.

Speaking on the threat spotlight, Murali Urs, Country Manager-India, Barracuda Networks, commented: “While the botnet that this malware is building does not have clear functionality yet, it gives the campaign operators a backdoor into the infected devices so they can later be used for crypto mining, DDoS, or other large-scale attacks.”

He further added: “Although many cases of the new variant have been reported from Asian countries like China, Hong Kong, South Korea, and Taiwan, Indian IoT devices haven’t been much in the radar of the cybercriminal organizations. It is still important for us to remain vigilant.”

According to the researchers, such a rapidly evolving threat environment requires advanced inbound and outbound security techniques that go beyond the traditional gateway.

To safeguard IoT devices against this malware variant, it will be necessary to properly configure SSH access on all devices. This means using keys instead of passwords, which will make access more secure, the report suggested.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on October 04, 2020
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.