XorBot botnet reemerged with upgraded capabilities

December 27, 2024

Last year’s XorBot botnet has reappeared recently in the cybercriminal landscape, posing a severe threat to Internet of Things (IoT) devices globally.

This botnet, discovered late last year, has advanced considerably after incorporating stronger anti-detection methods and a broader arsenal of exploited vulnerabilities. Its latest version, 1.04, adds further capabilities for bypassing security defences.

Since its inception, XorBot has consistently demonstrated a capacity to adapt and avoid discovery. XorBot has become an undeniable security threat in the Internet of Things (IoT), with attackers targeting Intelbras cameras and TP-Link and D-Link routers.

The botnet now supports up to 12 exploit methods and has become more diversified in the hardware it targets, allowing it to control a large number of devices. After gaining access, the malware installs itself in the compromised device’s /tmp directory, where it remains hidden and resistant to external modification.


The XorBot botnet has seen many forms.


The XorBot botnet has gone through multiple iterations, each with substantial enhancements.

The researchers revealed that the early malware versions supported five DDoS attack modes, while the most recent version supports more than ten. Moreover, the Trojan uses multi-round XOR encryption, similar to the Mirai botnet, and disguises itself as a standard system file to establish persistence on infected devices.
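Mirai-style multi-round XOR obfuscation is worth understanding from the analyst's side, because it is much weaker than it sounds: XOR is associative and commutative, so any number of single-byte rounds collapses to one single-byte XOR, which can be brute-forced from a known marker string. The following added example (not code from the article and not XorBot's or Mirai's own source; the key bytes and the marker string are constructed for the demo) shows the collapse and the recovery:

```python
"""
Analyst helper: undo multi-round, single-byte XOR string obfuscation of the
kind the Mirai family uses. Added example; the key bytes and sample string
below are CONSTRUCTED for the demonstration, not XorBot's real values.
"""


def xor_rounds(data: bytes, key_bytes: bytes) -> bytes:
    """Apply one single-byte XOR round per key byte, in order."""
    out = bytearray(data)
    for k in key_bytes:
        for i in range(len(out)):
            out[i] ^= k
    return bytes(out)


def effective_key(key_bytes: bytes) -> int:
    """N single-byte rounds are equivalent to one round with the XOR of all key bytes."""
    acc = 0
    for k in key_bytes:
        acc ^= k
    return acc


def decode(data: bytes, key_bytes: bytes) -> bytes:
    """XOR is its own inverse, so decoding is the same operation as encoding."""
    return xor_rounds(data, key_bytes)


def brute_force_single_byte(blob: bytes, must_contain: bytes) -> list:
    """Try all 256 collapsed keys; return those that reveal the expected marker."""
    return [k for k in range(256) if must_contain in bytes(b ^ k for b in blob)]


DEMO_KEY = bytes([0x12, 0x34, 0x56, 0x78])  # constructed, not a real key
PLAINTEXT = b"/tmp/"  # a path string an IoT bot that drops into /tmp would carry
OBFUSCATED = xor_rounds(PLAINTEXT, DEMO_KEY)  # what an analyst would see in the binary

if __name__ == "__main__":
    print("decoded:", decode(OBFUSCATED, DEMO_KEY))
    print("collapsed key:", hex(effective_key(DEMO_KEY)))
    print("keys recovered by brute force:", brute_force_single_byte(OBFUSCATED, b"/tmp"))
```

In practice an analyst rarely needs the per-round key bytes at all: pulling the obfuscated string table out of the sample and trying all 256 collapsed keys against a marker such as a path, a user-agent or a C2 command is enough to recover every string at once.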

The botnet also monopolises resources on infected devices by making the /tmp directory read-only, which prevents other malware from infecting the same system.
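A read-only /tmp is itself an observable artefact on a Linux-based IoT device. The following added example (not code from the article or from XorBot; the /proc/mounts sample and the file names are constructed) is a small triage helper that reports the mount options of /tmp and lists executable files sitting in it, which is what a defender would check first on a suspect device:

```python
"""
Defender triage helper for a Linux IoT host: report whether /tmp is mounted
read-only or noexec, and list executable files in it. Added example; the
mounts text and file names are CONSTRUCTED for the demonstration.
"""
import os
import stat
import tempfile


def tmp_mount_options(mounts_text: str, mountpoint: str = "/tmp") -> list:
    """Parse /proc/mounts-style text; return the option list of the last entry for mountpoint."""
    opts = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mountpoint:
            opts = fields[3].split(",")  # later entries shadow earlier ones
    return opts


def executables_in(directory: str) -> list:
    """Return regular files directly under directory that have any execute bit set."""
    found = []
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            found.append(name)
    return found


def triage(mounts_text: str, directory: str) -> dict:
    """Combine both checks into one finding record."""
    opts = tmp_mount_options(mounts_text)
    return {
        "tmp_readonly": "ro" in opts,
        "tmp_noexec": "noexec" in opts,
        "executables": executables_in(directory),
    }


# Constructed /proc/mounts sample: /tmp has been remounted read-only.
SAMPLE_MOUNTS = (
    "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n"
    "tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0\n"
    "tmpfs /tmp tmpfs ro,nosuid,nodev,relatime 0 0\n"
)


def demo() -> dict:
    """Build a throwaway directory with one executable and one plain file, then triage it."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "suspect_bin")  # constructed name
        with open(exe, "wb") as f:
            f.write(b"#!/bin/sh\n")
        os.chmod(exe, 0o755)
        with open(os.path.join(d, "notes.txt"), "w") as f:
            f.write("plain file\n")
        return triage(SAMPLE_MOUNTS, d)


if __name__ == "__main__":
    print(demo())
    # On a real device: triage(open("/proc/mounts").read(), "/tmp")
```

A /tmp that is read-only on a device where nothing legitimate remounted it, combined with an unexpected executable in that directory, is a strong signal to pull the device offline and image it before rebooting, since a reboot may clear both.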

The latest development, however, is that the operators have changed how they monetise the threat: the botnet is now openly advertised as a service for launching distributed denial-of-service (DDoS) attacks.

Telegram has become the leading platform for the malware to recruit customers and promote services, which the researchers warn can fund the botnet’s subsequent expansion and development.

The current version also relies on sophisticated evasion tactics, including anti-tracking measures, code obfuscation and stealthy command-and-control communication.

XorBot’s growth and adoption of advanced tactics show the growing sophistication of IoT-targeted threats. The malware’s authors continuously increase their investment in anti-detection and anti-tracking technologies, making security operations more difficult.

Users should therefore keep their devices fully patched, since outdated and vulnerable hardware is what makes these attacks easy to carry out.
