A new malware affecting IoT devices has been spotted in the wild. Known as ‘Silex’, the malware is found to brick these devices in significant numbers. It is reported that the attacks leveraging Silex are still in progress. This new malware was discovered by security researcher Larry Cashdollar of Akamai. The researcher suggested that Silex was likely targeting Unix-like systems with default credentials.
Attacks traced to Iranian server
In an email to ZDNet, Cashdollar told that the source of the attacks was coming from a server based in Iran. “It appears the IP address that targeted my honeypot is hosted on a VPS server owned by novinvps.com, which is operated out of Iran,” Cashdollar said. However, the IP address was blacklisted on URLhaus project later.
Devices bricked in the attacks could be brought back to operation by re-installing the device’s firmware since Silex primarily targeted the firmware.