The P2P malware is infecting any and all types of endpoints via brute-forcing, with 10 versions targeting desktops, laptops, mobile and IoT devices.
A freshly discovered botnet dubbed HEH by researchers is casting a wide net, looking to infect any and all devices that use Telnet on ports 23/2323. It’s particularly destructive: It contains code that wipes all data from infected systems.
Perhaps ironically, its operators also have a penchant for civil advocacy – a loading of the Universal Declaration of Human Rights, visible to researchers during analysis, accompanies each infection.
According to a 360Netlab analysis, samples of the bot are being found on a wide range of CPU architectures, including x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III) and PPC – meaning it’s infecting desktops, laptops, mobile and internet-of-things (IoT) devices. It’s looking to brute-force Telnet credentials, and once in, it infects the target with a Go language binary that communicates with other bot nodes using a proprietary peer-to-peer protocol, researchers said.
Craig Young, computer security researcher for Tripwire’s vulnerability and exposure research team (VERT), noted that the use of Golang is an ongoing trend in malware development.
“Golang has been steadily rising in popularity including among IoT malware authors,” he said via email. “Go offers a strong feature set with the ability to easily produce self-contained executables across most popular architectures. This marks a shift from IoT malware like Mirai which uses C to produce very compact binaries compared to a Go executable.”
From a technical perspective, the botnet, which gets its name from phrasing inside the code samples, contains three functional modules, according to 360Netlab: A propagation module, a local HTTP service module and the P2P module.
Once a device has been successfully brute-forced (its dictionary includes 171 usernames and 504 passwords), a malicious shell script named wpqnbw.txt is executed on the host, according to the analysis. This propagation module is an initial loader, which goes on to download and execute multiple versions of the second-stage binaries – one for each possible device type.
The malicious scripts and binary programs are fetched from a legitimate pomf.cat site, which has been compromised, researchers explained.
Top Web & Mobile Application Development Company in India & USA. We specialize in Golang, Ruby on Rails, Symfony, Laravel PHP, Python, Angular, Mobile Apps, Blockchain, & Chatbots
The Mozi botnet, a peer-2-peer (P2P) malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of traffic flowing to and from all internet of things (IoT) devices, according to researchers. IBM X-Force noticed Mozi’s spike amid a huge increase in overall IoT botnet activity.
A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.
As more enterprises embrace the IoT, a host of new security vulnerabilities will come up. Take a look at top IoT security challenges and solutions.
What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts.Add a contact listing: Hackers can add a new contact listing on the user's phone and use it to launch a spear phishing or other personalized attack. Initiate a phone call: By triggering a call to the scammer, this type of exploit can expose the phone number to a bad actor.