Security researchers from Bitdefender have uncovered a new botnet which is targeting millions of IoT devices.
The so-called dark_nexus botnet seeks to infect common IoT devices like smart cameras, routers, and more. Bitdefender named dark_nexus after a string that appears in the user agent it sends when carrying out exploits over HTTP: “dark_NeXus_Qbot/4.0”.
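For defenders, that user agent is a usable indicator in web server and device access logs. The following is an added example, not code from Bitdefender or the original article: it scans Combined Log Format lines for the string and groups hits by source address. The log lines, IP addresses and paths are constructed, and matching other version numbers or letter case is an assumption.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# The article reports "dark_NeXus_Qbot/4.0". Accepting any version number and
# ignoring case is an assumption made here to catch trivially altered variants.
UA_RE = re.compile(r'dark_nexus_qbot/(?P<version>[\d.]+)', re.IGNORECASE)

def find_dark_nexus(lines):
    """Return {source_ip: {"versions": set, "requests": [(ts, request, status)]}}."""
    hits = defaultdict(lambda: {"versions": set(), "requests": []})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in Combined Log Format
        ua = UA_RE.search(m["ua"])
        if ua:
            entry = hits[m["ip"]]
            entry["versions"].add(ua["version"])
            entry["requests"].append((m["ts"], m["request"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation-range IPs, placeholder paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Apr/2020:10:01:02 +0000] "GET /example/a HTTP/1.1" 404 153 "-" "dark_NeXus_Qbot/4.0"',
    '203.0.113.9 - - [08/Apr/2020:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [08/Apr/2020:10:01:09 +0000] "POST /example/b HTTP/1.1" 200 87 "-" "dark_NeXus_Qbot/4.0"',
    'malformed line without the expected fields',
]

if __name__ == "__main__":
    for ip, info in find_dark_nexus(SAMPLE_LOG).items():
        print(ip, sorted(info["versions"]))
        for ts, request, status in info["requests"]:
            # A 2xx status means the device answered the request; review it first.
            print(f"  {ts}  {status}  {request}")
```

A hit only shows that a request carried this user agent; the response status and the device's own state decide whether follow-up is needed.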
Qbot is another IoT malware which dark_nexus takes inspiration from. Bitdefender found some code from Qbot, and the infamous Mirai, in dark_nexus’ code but says that most of its core modules are original.
Bitdefender has been tracking the botnet for over three months and says it can launch a range of DDoS attacks, spread multiple strains of malware, and affect 12 different CPU architectures.
“While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust,” Bitdefender says.
One of the unique features of dark_nexus is its use of a “scoring system” which assesses which processes might pose a risk to it. The botnet maintains a list of whitelisted processes and kills every other process that appears suspicious.
Bitdefender believes dark_nexus was created by a known botnet author who has been actively selling botnet code and DDoS services for many years. Under the username greek.Helios, the suspected author has posted demos of his work on YouTube and posted information on cybercriminal forums.
You can find Bitdefender’s full whitepaper on dark_nexus here.