IoT Botnet Hacks Websites

Monday, December 11, 2017 @ 06:12 PM gHale

A Linux-centric Internet of Things (IoT) botnet is working to get into series of websites, researchers said.

Linux.ProxyM was first noticed in February, said researchers at Doctor Web.

Global Effort to Dismantle Botnet
Botnet DDoS Attacks Grow in Q3: Report
More Internet DoS Attacks Than Thought
Silence Trojan Making Financial Inroads

The mission of the Trojan is to launch a SOCKS proxy server on infected devices which allows attackers to leverage the proxy to perform steal information or infiltrate web sites. Attackers can use it to anonymously perform destructive actions.

The malware focused on the following devices: x86, MIPS, MIPSEL, PowerPC, ARM, Superh, Motorola 68000, and SPARC. Basically, it can infect “almost any Linux device, including routers, set-top boxes, and other similar equipment,” researchers said in a post.

Previous malicious campaigns leveraging the botnet were sending spam emails, with each infected device generating around 400 messages per day in September, Doctor Web researchers said.

Soon after, the bot started sending phishing messages. The emails supposedly came from DocuSign, a service providing users with the possibility to download, view, sign, and track the status of electronic documents.

The phishing messages included a link to a fake DocuSign website that featured an authorization form, in an attempt to trick users into entering their credentials.

After that, the victims then ended up redirected to the real DocuSign authorization page, while their login details had been sent to the attackers.

In December, Linux.ProxyM’s proxy server started being used to hack websites through various methods, including SQL injections, Cross-Site Scripting, and Local File Inclusion (LFI), the researchers said. Attackers operating the botnet targeted game severs and forums, and resources on other topics, including Russian websites.

Leave a Reply

You must be logged in to post a comment.