1 min read

New dark_nexus IoT Botnet Puts Others to Shame

Liviu ARSENE

April 08, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
New dark_nexus IoT Botnet Puts Others to Shame

Bitdefender researchers have recently found a new IoT botnet packing new features and capabilities that put to shame most IoT botnets and malware that we’ve seen.

We named the botnet “dark_nexus” based on a string it prints in its banner. In one of its earliest versions, it used this name in its user agent string when carrying out exploits over HTTP: “dark_NeXus_Qbot/4.0”, citing Qbot as its influence. Our analysis has determined that, although dark_nexus reuses some Qbot and Mirai code, its core modules are mostly original.

While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust. For example, payloads are compiled for 12 different CPU architectures and dynamically delivered based on the victim’s configuration.

It also uses a technique meant to ensure “supremacy” on the compromised device. Uniquely, dark_nexus uses a scoring system based on weights and thresholds to assess which processes might pose a risk. This involves maintaining a list of whitelisted process and their PIDs, and killing every other process that that crosses a threshold of suspicion.

Interestingly, dark_nexus seems to have been developed by a known botnet author who has been selling DDoS services and botnet code for years. Using YouTube videos demoing some of his past work and posting offerings on various cybercriminal forums, greek.Helios seems to have experience with IoT malware skills, honing them to the point of developing the new dark_nexus botnet.

Download the whitepaper

tags


Author



Right now

Top posts

Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Under Siege for Months: the Anatomy of an Industrial Espionage Operation Under Siege for Months: the Anatomy of an Industrial Espionage Operation
Alexandru MAXIMCIUCVictor VRABIE
1 min read
New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike
Filip TRUȚĂRăzvan GOSAAdrian Mihai GOZOB
4 min read
New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read