A new version of the KmsdBot malware has acquired capabilities that could allow it to target Internet of Things (IoT) devices. According to reports, the binary now includes Telnet scanning and support for more CPU architectures.
This latest malware version appeared last July, a few months after it emerged as a botnet offering a DDoS-for-hire service to other hackers. Researchers noted that the consistent maintenance and upgrading of the malware indicate that it is an effective tool in its operators' campaigns.
The KmsdBot malware developers initially designed it to target gaming and cloud-hosting entities.
Researchers first documented the KmsdBot malware in November last year. The developers primarily designed the malware as a tool that targets private gaming servers and cloud hosting providers.
The malware could also scan random IP addresses for open SSH ports and run dictionary attacks against a system using a password list retrieved from an attacker-controlled server. In addition, the new upgrades include Telnet scanning that could be used to infect IoT devices running various CPU architectures.
The researchers revealed that, like the SSH scanner, the Telnet scanner calls a function that generates a random IP address and then attempts to connect to port 23 on that address. The Telnet scanner does not stop at deciding whether port 23 is listening or not: it also verifies that the receive buffer contains data.
The attackers carry out the Telnet attack by downloading a telnet[.]txt file that includes a list of widely used weak passwords and their combinations for various applications. The threat actors also exploit the fact that most IoT devices still have their default credentials unchanged.
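The scanning behaviour described above (random target generation followed by a connection attempt to port 23 or 22) leaves a recognisable footprint in perimeter logs: one source contacting many distinct hosts on the same service port in a short time. The following is an added example for defenders, not code from the article or from the researchers it cites. It assumes a constructed, simplified firewall log format (`timestamp src -> dst:port ACTION`); the sample lines, IP addresses and thresholds are all made up for illustration, and a real deployment would only need to swap the parser for its own log format.

```python
"""
Flag sources that show SSH/Telnet scanning behaviour in connection logs.

Added example, not part of the article or the cited research.
Assumed (constructed) log line format:
    <ISO-8601 timestamp> <src_ip> -> <dst_ip>:<dst_port> <ACCEPT|DROP>
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$"
)

# SSH (22) and Telnet (23): the two services the article describes being probed.
SCAN_PORTS = {22, 23}


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]),
        "action": m["action"],
    }


def find_scanners(lines, window=timedelta(minutes=5), threshold=10):
    """Return {src_ip: max_distinct_targets} for every source that contacted more
    than `threshold` distinct hosts on SSH/Telnet ports within any `window`-long
    interval. A scanner that generates random IPs produces many distinct
    destinations in a short time; ordinary admin traffic rarely does."""
    events = defaultdict(list)  # src -> [(timestamp, dst)]
    for line in lines:
        rec = parse_line(line)
        if rec and rec["port"] in SCAN_PORTS:
            events[rec["src"]].append((rec["ts"], rec["dst"]))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        counts = Counter()  # distinct destinations inside the sliding window
        start = 0
        best = 0
        for ts, dst in evs:
            counts[dst] += 1
            # Slide the window forward, dropping events older than `window`.
            while ts - evs[start][0] > window:
                old_dst = evs[start][1]
                counts[old_dst] -= 1
                if counts[old_dst] == 0:
                    del counts[old_dst]
                start += 1
            best = max(best, len(counts))
        if best > threshold:
            flagged[src] = best
    return flagged


# Constructed sample: one host sweeping twelve addresses on port 23 in seconds,
# one admin host reaching three servers on port 22, plus unrelated/garbage lines.
SAMPLE_LOG = [
    f"2024-01-15T12:00:{i:02d} 203.0.113.7 -> 192.0.2.{i + 1}:23 DROP" for i in range(12)
] + [
    "2024-01-15T12:01:00 198.51.100.5 -> 10.0.0.10:22 ACCEPT",
    "2024-01-15T12:02:00 198.51.100.5 -> 10.0.0.11:22 ACCEPT",
    "2024-01-15T12:03:00 198.51.100.5 -> 10.0.0.12:22 ACCEPT",
    "2024-01-15T12:03:30 198.51.100.5 -> 10.0.0.20:443 ACCEPT",
    "not a log line",
]

if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG).items():
        print(f"possible SSH/Telnet scanner: {src} ({n} distinct targets in window)")
```

With the defaults only the sweeping host is reported; lowering `threshold` to 2 also flags the admin host, which is the usual trade-off when tuning this kind of rule. The same counting logic can be pointed at failed-login records instead of connection attempts to catch the dictionary-attack phase rather than the scan.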
The current operations of the KmsdBot operators show how IoT devices remain susceptible to, and targeted by, malicious entities. From a technical standpoint, the inclusion of Telnet scanning capabilities widens the botnet's attack scope, which leads to more devices being compromised. The malware's evolution and its new support for additional CPU architectures pose an ongoing threat to the security of internet-connected machines.
Users should be aware of these threats and become more vigilant in securing their devices.