Researchers have identified a new botnet that looks to infect common smart IoT devices like video recorders, thermal cameras and routers.
This botnet, known as dark_nexus, is capable of launching a range of various DDoS attacks, spreading multiple malware strains, and can infect devices running on 12 different CPU architectures.
According to researchers at Bitdefender, who has been tracking this botnet for the last three months, the botnet has already infected over a thousand devices already and is now spreading.
- Android banking botnet targets thousands
- Raccoon malware affects all browsers
- "Corona antivirus" infects victims with malware
The botnet is thought to have been created by greek.Helios, a developer who has been selling DDoS services and botnet codes since 2017. In the past three months, dark_nexus has received 30 updates, making it more powerful and potent with each update.
The primary aim of this botnet is to carry out DDoS or distributed denial-of-service attacks on websites and services to render them useless by sending junk traffic.
The fact that it can mimic genuine web browser traffic makes this botnet more lethal than other strains, with the startup code of dark_nexus resembles that of the notorious Qbot.
The researchers revealed that "In terms of devices that seem compromised by the dark_nexus, the list is pretty extensive, ranging from various router models, such as Dasan Zhone, Dlink, and ASUS, to video recorders and thermal cameras.”
“The way some of its modules have been developed makes it significantly more potent and robust,” they added.
As per the report, dark_nexus can kill the restart process. This allows the botnet to run without any interruption while it uses the compromised device to deliver exploits and payloads.
Experts have pointed out that updating admin credentials and disabling remote access over the Internet can help in keeping your devices safe from malware attacks.
Via: BleepingComputer (opens in new tab)