
A New Emerging IoT Botnet Malware Spotted in the Wild

April 8, 2020

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage ‘distributed denial-of-service’ attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services.

The botnet, named “dark_nexus” by Bitdefender researchers, works by employing credential stuffing attacks against a variety of devices, such as routers (from Dasan Zhone, D-Link, and ASUS), video recorders, and thermal cameras, to co-opt them into the botnet.

So far, dark_nexus comprises at least 1,372 bots, acting as a reverse proxy, spanning across various locations in China, South Korea, Thailand, Brazil, and Russia.

“While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust,” the researchers said. “For example, payloads are compiled for 12 different CPU architectures and dynamically delivered based on the victim’s configuration.”

Evidence gathered by Bitdefender points to greek.Helios, a known botnet author infamous for selling DDoS services on social media platforms and using a YouTube channel to advertise its capabilities, as the individual behind the development of dark_nexus.


Inspired by known botnets Qbot and Mirai

Noting dark_nexus’ similarities to Qbot banking malware and Mirai, Bitdefender researchers said its core modules are “mostly original” and that it’s frequently updated, with over 30 versions released during the period from December 2019 to March 2020 (versions 4.0 through 8.6).


“The startup code of the bot resembles that of Qbot: it forks several times, blocks several signals, and detaches itself from the terminal,” the researchers said.

“Then, in the vein of Mirai, it binds to a fixed port (7630), ensuring that a single instance of this bot can run on the device. The bot attempts to disguise itself by changing its name to ‘/bin/busybox.’ Another feature borrowed from Mirai is the disabling of the watchdog by periodic ioctl calls on the virtual device.”

The infrastructure consists of several command-and-control (C2) servers (switchnets[.]net:30047 and thiccnigga[.]me:30047), which issue remote commands to the infected bots, and reporting servers to which bots send details about vulnerable services (e.g., devices protected by default passwords).
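
The host-side indicators described above (a listener on port 7630, traffic to C2 port 30047, and a process named ‘/bin/busybox’ that is not actually busybox) can be checked from a device snapshot. This is an added example, not code from Bitdefender or the original article; the snapshot layout, the sample rows and the 198.51.100.7 address are constructed, and a little-endian device is assumed by default.

```python
import socket
import struct

SINGLE_INSTANCE_PORT = 7630  # fixed port the article says the bot binds
C2_PORT = 30047              # C2 port given in the article
ESTABLISHED, SYN_SENT, LISTEN = 0x01, 0x02, 0x0A  # kernel TCP state codes

def parse_proc_net_tcp(text, little_endian=True):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, inode)."""
    for line in text.strip().splitlines()[1:]:  # first row is the header
        f = line.split()
        if len(f) < 10:
            continue
        row = []
        for addr in (f[1], f[2]):
            ip_hex, port_hex = addr.split(":")
            # The raw 32-bit address is printed, so its byte order follows the CPU.
            packed = struct.pack("<I" if little_endian else ">I", int(ip_hex, 16))
            row += [socket.inet_ntoa(packed), int(port_hex, 16)]
        yield (*row, int(f[3], 16), int(f[9]))

def triage(tcp_text, processes, little_endian=True):
    """Return sorted (pid, reason) findings; pid 0 means no owner was found."""
    owner = {ino: p["pid"] for p in processes for ino in p["socket_inodes"]}
    findings = set()
    for _, lport, rip, rport, state, inode in parse_proc_net_tcp(tcp_text, little_endian):
        pid = owner.get(inode, 0)
        if state == LISTEN and lport == SINGLE_INSTANCE_PORT:
            findings.add((pid, f"listening on tcp/{lport}"))
        if state in (ESTABLISHED, SYN_SENT) and rport == C2_PORT:
            findings.add((pid, f"outbound to {rip}:{rport}"))
    for p in processes:
        # argv[0] claims busybox while the running executable is another file.
        if p["argv0"] == "/bin/busybox" and not p["exe"].endswith("/busybox"):
            findings.add((p["pid"], f"argv0 /bin/busybox but exe is {p['exe']}"))
    return sorted(findings)

# Constructed snapshot: /proc/net/tcp text plus per-process argv[0], exe link, socket inodes.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:1DCE 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4410
   2: 0A00000A:C350 076433C6:755F 01 00000000:00000000 00:00000000 00000000     0        0 4412
"""
SAMPLE_PROCS = [
    {"pid": 312, "argv0": "/bin/busybox", "exe": "/bin/busybox", "socket_inodes": [1201]},
    {"pid": 977, "argv0": "/bin/busybox", "exe": "/tmp/.x (deleted)", "socket_inodes": [4410, 4412]},
]

if __name__ == "__main__":
    for pid, reason in triage(SAMPLE_TCP, SAMPLE_PROCS):
        print(pid, reason)
```

Each finding is an indicator rather than proof: an unrelated service can use either port, so several findings on one PID carry more weight than any single one.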

Once the brute-force attack succeeds, the bot registers with the C2 server and identifies the device’s CPU architecture, so as to transmit a custom infection payload via Telnet, download bot binaries and other malware components from a hosting server (switchnets[.]net:80), and execute them.

In addition, some versions of the botnet (4.0 to 5.3) come with a reverse proxy feature that lets the victim act as a proxy for the hosting server, thereby directing the infected device to download and store the necessary executables locally instead of having to connect to the central hosting server.

That’s not all. dark_nexus comes with persistence commands that prevent the device from being rebooted by stopping the cron service and removing privileges from services that could be used to reboot the device.


“It also uses a technique meant to ensure ‘supremacy’ on the compromised device,” Bitdefender observed.

“Uniquely, dark_nexus uses a scoring system based on weights and thresholds to assess which processes might pose a risk. This involves maintaining a list of whitelisted processes and their PIDs, and killing every other process that crosses a threshold (greater than or equal to 100) of suspicion.”

Your IoT Devices Are Up for Hire

The Mirai botnet, since its discovery in 2016, has been linked to a number of large-scale DDoS attacks. Since then, numerous variants of Mirai have sprung up, in part due to the availability of its source code on the Internet.

Botnet authors, likewise, have staged brute-force attacks on WordPress sites to insert the Qbot banking trojan and download additional malware.

The fact that dark_nexus is built on the foundations of Mirai and Qbot is proof of the evolving tactics of botnet operators and inexperienced hackers alike, allowing them to add new functionality by exploiting a variety of vulnerabilities in poorly secured IoT devices and amass modern botnet armies.

“Using YouTube videos demoing some of his past work and posting offerings on various cybercriminal forums, greek.Helios seems to have experience with IoT malware skills, honing them to the point of developing the new dark_nexus botnet,” Bitdefender researchers concluded.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)
