Apparently This Botnet Has A YouTube Channel
As there is far too much good news going around right now, here is a look at a new generation of IoT malware. Hopefully ARM, or the odd conglomeration of corporations which are bashing out something resembling a standard for IoT, will put a bit of effort into shoring up security, as the bad actors are investing a lot of effort into their side of the equation. Ars Technica offers a look into one of the most well-crafted pieces of IoT malware here.
The developer has a faster update schedule than Zoom, with 30 version updates in the past three months according to Bitdefender, who have been tracking dark_nexus since they first detected it. The malware is quite inclusive, as they have spotted it running on devices with a variety of CPUs, as opposed to being limited to a small number of architectures like most other IoT malware. It is also able to hide itself as valid traffic in most cases, which makes it hard to locate in the first place, and it will survive a reboot; another unique feature of this malware.
Researchers from antivirus provider Bitdefender described the so-called dark_nexus as a “new IoT botnet packing new features and capabilities that put to shame most IoT botnets and malware that we’ve seen.” In the three months that Bitdefender has tracked it, dark_nexus has undergone 30 version updates, as its developer has steadily added more features and capabilities.