Meet dark_nexus, quite possibly the most potent IoT botnet ever:
A newly discovered botnet that preys on home routers, video recorders, and other network-connected devices is one of the most advanced Internet-of-things platforms ever seen, researchers said on Wednesday. Its list of advanced features includes the ability to disguise malicious traffic as benign, maintain persistence, and infect devices that run on at least 12 different CPUs[*].
Researchers from antivirus provider Bitdefender described the so-called dark_nexus as a "new IoT botnet packing new features and capabilities that put to shame most IoT botnets and malware that we've seen." In the three months that Bitdefender has tracked it, dark_nexus has undergone 30 version updates, as its developer has steadily added more features and capabilities.
The malware has infected at least 1,372 devices, which include video recorders, thermal cameras, and home and small office routers made by Dasan, Zhone, D-Link, and ASUS. Researchers expect more device models to be affected as dark_nexus development continues.
[...] The botnet has propagated both by guessing common administrator passwords and exploiting security vulnerabilities. Another feature that increases the number of infected devices is its ability to target systems that run on a wide range of CPUs[*].
[...] Bitdefender's report said that while the dark_nexus propagation modules contain code targeting ARC and Motorola RCE architectures, researchers have so far been unable to find malware samples compiled for these architectures.
[*] The executables are all statically linked and stripped. Except for x86, which has a 64-bit executable, all others are 32-bit. The targeted architectures are: arm5, arm6, arm7, mpsl, mips, i586, x86, spc, m68k, ppc, arc, sh4, rce. The researchers have examined samples of all of these except for arc and rce.
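As an added triage example (not code from Bitdefender, Ars Technica or the submitter), the following Python reads the ELF header of a sample, maps e_machine to the short architecture names in the list above (mpsl for little-endian MIPS, spc for SPARC, and so on), reports word size and endianness, and checks for static linking by the absence of a PT_INTERP program header; it does not check for stripping. The build_sample helper and its hypothetical inputs are constructed here so the classifier can be exercised offline without any real malware.

```python
import struct

# e_machine values from the ELF specification, keyed to the short names
# used in the architecture list above (spc = SPARC, mpsl = MIPS LE).
E_MACHINE = {
    0x03: "i586", 0x3E: "x86_64", 0x08: "mips", 0x28: "arm", 0x02: "spc",
    0x04: "m68k", 0x14: "ppc", 0x2A: "sh4", 0x2D: "arc", 0x5D: "arc", 0xC3: "arc",
}
PT_INTERP = 3  # program header naming the dynamic loader; absent when static

def classify_elf(data: bytes) -> dict:
    """Return architecture, word size, endianness and static-linking status."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little, 2 = big endian
    (e_machine,) = struct.unpack_from(end + "H", data, 18)
    arch = E_MACHINE.get(e_machine, f"unknown(0x{e_machine:x})")
    if e_machine == 0x08 and end == "<":
        arch = "mpsl"                    # little-endian MIPS, as the list names it
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    # p_type is the first field of a program header in both ELF32 and ELF64.
    p_types = [struct.unpack_from(end + "I", data, e_phoff + i * phentsize)[0]
               for i in range(phnum)]
    return {"arch": arch, "bits": 64 if is64 else 32,
            "endian": "little" if end == "<" else "big",
            "static": PT_INTERP not in p_types}

def build_sample(machine: int, little: bool, is64: bool, interp: bool) -> bytes:
    """Constructed minimal ELF header + program headers (synthetic test input,
    not a real sample), so the classifier can be exercised offline."""
    end = "<" if little else ">"
    p_types = [1] + ([PT_INTERP] if interp else [])   # PT_LOAD, maybe PT_INTERP
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1 if little else 2, 1]) + bytes(9)
    if is64:
        ehsize, phentsize = 64, 56
        hdr = struct.pack(end + "HHIQQQIHHHHHH", 2, machine, 1, 0, ehsize, 0, 0,
                          ehsize, phentsize, len(p_types), 64, 0, 0)
    else:
        ehsize, phentsize = 52, 32
        hdr = struct.pack(end + "HHIIIIIHHHHHH", 2, machine, 1, 0, ehsize, 0, 0,
                          ehsize, phentsize, len(p_types), 40, 0, 0)
    phdrs = b"".join(struct.pack(end + "I", t).ljust(phentsize, b"\0") for t in p_types)
    return ident + hdr + phdrs
```

Running classify_elf over a directory of samples and tallying the "arch" field gives the same kind of per-architecture breakdown the footnote describes.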
(Score: 2) by Thexalon on Sunday April 12 2020, @07:02PM
Also, as Bryan Lunduke explained in a talk [youtube.com], the upshot of IoT is that we'll have billions of Internet-connected devices running the equivalent of Windows ME or Linux 2.2.x.
$DEITY help us all.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.