New Kaiji Botnet targets IoT devices with SSH brute force attacks

Recently, the security research team discovered a malware called “Kaiji”, which is specifically used to infect Linux-based servers and intelligent Internet of Things (IoT) devices. Then hackers will abuse these systems to launch DDoS attacks.

It is understood that this malware is very different from other types of IoT malware, mainly because it is written using the Go programming language rather than C or C ++ used by most IoT malware today. Go malware is rare, it is rare to see botnet tools written from scratch.

It is reported that, according to Paul Litvak and MalwareMustDie researchers, “Kaiji” has been discovered in the wild, and has begun to spread around the world. In response, researchers say that currently, botnets cannot use vulnerabilities to infect unpatched devices. However, the “Kaiji” botnet can perform brute force attacks on IoT devices and Linux servers whose SSH devices are exposed to the Internet.

“Kaiji” as the latest IoT botnet in the field of IoT malware compared to other more mature botnets, the Kaiji code lacks certain functionality, “Kaiji” contains the “demo” string in some places. In addition, the “Kaiji” command and control server is also usually offline, so that the infected device does not have any primary server and is easily hijacked by other botnets. Although the botnet is not a mainstream threat now, it does not mean that it will not be in the future, so the MalwareMustDie and Litvak research teams are now tracking Kaiji’ development.

Via: threatpost