Linux/Remaiten combines capabilities of two previous versions of bots and adds a unique spreading mechanism able to infect embedded devices.
ESET researchers have spotted a new and improved version of Kaiten, an Internet Relay Chat (IRC)-controlled malware typically used to carry out distributed denial-of-service (DDoS) attacks. The remastered malware has been dubbed “KTN-Remastered” or “KTN-RM”, with three versions of Linux/Remaiten already identified by ESET researchers. Based on artifacts in the code, the main feature of the malware is an improved spreading mechanism.
Based primarily on Linux/Gafgyt’s telnet scanning, KTN-RM improves on that spreading mechanism by carrying downloader executable binaries for embedded platforms such as routers and other connected devices, targeting mainly those with weak login credentials.
“Further, the downloader’s job is to request the Linux/Remaiten bot binary from the Command & Control server for its current architecture. When executed, it also creates another bot for the malicious operators to use. We have seen this technique used before by Linux/Moose to spread infections,” says Michal Malík, ESET Malware Researcher.
In a strange twist, this strain of malware also has a message for those who might try to neutralize its threat.
“Within the welcome message, version 2.0 seems to single out malwaremustdie.org, which has published extensive details about Gafgyt, Tsunami and other members of this family of Malware,” adds Malík.
Additional details about the Linux/Remaiten bot can be found in a technical article by Michal Malík on ESET’s official security blog, WeLiveSecurity.com.