  • The malware corrupts the IoT device’s storage, removes firewall rules and network configurations, and then bricks the device.
  • The attacks from this malware are reported to be ongoing, impacting a significant number of IoT devices.

A new malware affecting IoT devices has been spotted in the wild. Known as ‘Silex’, the malware is found to brick these devices in significant numbers. It is reported that the attacks leveraging Silex are still in progress. This new malware was discovered by security researcher Larry Cashdollar of Akamai. The researcher suggested that Silex was likely targeting Unix-like systems with default credentials.

Worth noting

  • In a tweet, Cashdollar mentioned that the Silex malware corrupted the device’s storage, removed firewall rules and network configurations, and then halted the device.
  • It was also identified that the malware was a bot designed for bricking IoT devices. ZDNet found that around 2000 devices were inoperable in an hour after the malware’s discovery.
  • The creator of this malware was linked to a hacker who went by the online name ‘Light Leafon’. He mentions that the malware began as a fun project which was eventually developed into a full-fledged bot.

Attacks traced to Iranian server

In an email to ZDNet, Cashdollar said that the attacks were coming from a server based in Iran. “It appears the IP address that targeted my honeypot is hosted on a VPS server owned by novinvps.com, which is operated out of Iran,” Cashdollar said. However, the IP address was later blacklisted by the URLhaus project.

Devices bricked in the attacks could be brought back to operation by re-installing the device’s firmware since Silex primarily targeted the firmware.

Cyware Publisher