Security researchers have discovered a new malware called Kaji which is targeting IoT devices using SSH brute-force attacks.
Malware is increasingly targeting IoT devices, and it’s little surprise why. Statista estimates there are around 20 billion IoT devices installed today, while IDC predicts 41.6 billion devices generating 79.4 zettabytes of data by 2025.
The malware is thought to be Chinese in origin and has stood out for its use of the programming language Go.
Most new IoT malware is coded in C++ or C as many existing projects – whether open-source or posted on hacking forums – use one of the two languages. Building a new strain of malware is made easier by adapting an existing one. For example, many variations of the notorious IoT botnet Mirai have cropped up in recent years.
“The Internet of Things botnet ecosystem is relatively well-documented by security specialists,” said Paul Litvak, malware analyst at Intezer. “It is not often that you see a botnet’s tooling written from scratch.”
Kaji uses SSH brute-force attacks to compromise IoT devices with that port exposed. The researchers say the malware is unable to use exploits to gain control of patched devices, at least for now.
The researchers believe Kaji is still a work-in-progress as it lacks features common in more advanced malware, contains the string “demo” in various places, and often crashes due to calling itself too many times and causing the host device to run out of memory.
The malware only targets the root account of devices in order to have the ability to manipulate packets for carrying out DDoS attacks.
Once infected, Kaji uses the hacked IoT device to carry out DDoS attacks. The device is also used to try and compromise others through the same SSH brute-force method.
Interested in hearing industry leaders discuss subjects like this? Attend the co-located 5G Expo, IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.