KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities

2023-08-28 05:43

An updated version of a botnet malware called KmsdBot is now targeting Internet of Things devices, simultaneously branching out its capabilities and the attack surface.

The malware is designed to scan random IP addresses for open SSH ports and brute-force the system with a password list downloaded from an actor-controlled server.

The new updates incorporate Telnet scanning as well as allow it to cover more CPU architectures commonly found in IoT devices.

The attack against Telnet is accomplished by downloading a text file that contains a list of commonly used weak passwords and their combinations for a wide range of applications, mainly taking advantage of the fact that many IoT devices have their default credentials unchanges.

"The ongoing activities of the KmsdBot malware campaign indicate that IoT devices remain prevalent and vulnerable on the internet, making them attractive targets for building a network of infected systems," Cashdollar said.

"From a technical perspective, the addition of telnet scanning capabilities suggests an expansion in the botnet's attack surface, enabling it to target a wider range of devices. Moreover, as the malware evolves and adds support for more CPU architectures, it poses an ongoing threat to the security of internet-connected devices."

News URL

https://thehackernews.com/2023/08/kmsdbot-malware-gets-upgrade-now.html

#IOT #malware #upgrade