
New IoT Botnet Uses Tor to Obfuscate C2 Communications, Researchers Find

Silviu STAHIE

March 08, 2021


Security researchers discovered that a new variant of the Gafgyt malware is on the loose, attacking D-Link routers and a couple of other IoT devices. The most significant difference from its predecessors is its use of Tor to hide its communication with the command-and-control (C2) server.

Malware targeting IoT devices is becoming more common as more smart appliances and other connected hardware reach the market. Attacks on these targets grow more sophisticated as developers close vulnerabilities and security companies identify malware campaigns.

Gafgyt has been around for a while, but now a new variant is active in the wild, targeting D-Link routers (CVE-2019-16920), Citrix (CVE-2019-19781) and a Liferay Portal remote code execution flaw. Dubbed Gafgyt_tor, it routes its C2 communication through the Tor network to hide its malicious activity.

“Further analysis revealed that the family is closely related to the Necro family we made public in January and is behind the same group of people, the so-called keksec group,” said NetLab 360 researchers.

As is usual with IoT botnets of this type, it targets devices through the Telnet protocol, which is often left open and protected only by weak credentials. The attackers also use three distinct vulnerabilities, all of which have been known for some time. Unfortunately, some affected devices (D-Link routers) are also reported to have reached end of life, which means the manufacturer has not fixed the problem through a patch. The only way to stay safe is to replace the router entirely.

The malware aims to compromise the device and turn it into a machine for DDoS attacks and scanning. The same group that deploys the Gafgyt_tor malware is also likely responsible for the Necro and Tsunami botnets.
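The three behaviours the article describes (Telnet reachable from outside, C2 traffic that is deliberately hard to recognise, and a compromised device that starts scanning) are all visible in ordinary firewall flow logs. The following script is an added example, not code from the article or from the NetLab 360 researchers: it parses constructed key=value flow records and flags IoT devices that accepted an inbound Telnet session, that were allowed to talk to a host outside a vendor allowlist (Tor cannot be identified reliably by port, so egress allowlisting is used instead of Tor fingerprinting), or that fanned out to many distinct destinations. The IoT subnet, the allowlisted vendor address, the log format and the scan threshold are all assumptions made for the example.

```python
"""Flag IoT devices showing exposed Telnet, unexpected egress, or scan-like fan-out.
Log format, subnets, allowlist and thresholds are constructed for this example."""
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from the article): where IoT devices live and whom they may talk to.
IOT_SUBNET = ipaddress.ip_network("192.0.2.0/24")           # constructed TEST-NET range
EGRESS_ALLOWLIST = {ipaddress.ip_address("198.51.100.10")}  # constructed vendor cloud endpoint
TELNET_PORT = 23
SCAN_THRESHOLD = 5  # distinct destinations one device contacts before it looks like a scanner

# Constructed firewall flow records, one per line; the last line is deliberately malformed.
SAMPLE_FLOWS = """\
2021-03-08T10:00:01 src=203.0.113.7 dst=192.0.2.20 dport=23 proto=tcp action=allow
2021-03-08T10:00:05 src=192.0.2.20 dst=198.51.100.10 dport=443 proto=tcp action=allow
2021-03-08T10:00:09 src=192.0.2.20 dst=203.0.113.99 dport=9001 proto=tcp action=allow
2021-03-08T10:00:10 src=192.0.2.20 dst=192.0.2.31 dport=23 proto=tcp action=deny
2021-03-08T10:00:10 src=192.0.2.20 dst=192.0.2.32 dport=23 proto=tcp action=deny
2021-03-08T10:00:11 src=192.0.2.20 dst=192.0.2.33 dport=23 proto=tcp action=deny
2021-03-08T10:00:11 src=192.0.2.20 dst=192.0.2.34 dport=23 proto=tcp action=deny
2021-03-08T10:00:12 src=192.0.2.20 dst=192.0.2.35 dport=23 proto=tcp action=deny
2021-03-08T10:01:00 src=192.0.2.40 dst=198.51.100.10 dport=443 proto=tcp action=allow
this line is garbage and must be skipped
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>allow|deny)$"
)


def parse_flows(text):
    """Yield parsed flow dicts; malformed lines are skipped rather than aborting the run."""
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        try:
            rec["src"] = ipaddress.ip_address(rec["src"])
            rec["dst"] = ipaddress.ip_address(rec["dst"])
        except ValueError:
            continue
        rec["dport"] = int(rec["dport"])
        yield rec


def analyse(text):
    """Return {device_ip: sorted finding names} for IoT devices that deserve a look."""
    findings = defaultdict(set)
    fanout = defaultdict(set)  # device -> distinct destinations it tried to reach
    for f in parse_flows(text):
        src, dst = f["src"], f["dst"]
        # 1. An accepted inbound Telnet session means the port is reachable at all.
        if dst in IOT_SUBNET and f["dport"] == TELNET_PORT and f["action"] == "allow":
            findings[str(dst)].add("telnet_exposed")
        if src in IOT_SUBNET:
            fanout[str(src)].add(dst)
            # 2. Allowed egress to anything outside the vendor allowlist is treated as
            #    suspect, since hidden C2 traffic cannot be recognised by port alone.
            if f["action"] == "allow" and dst not in EGRESS_ALLOWLIST:
                findings[str(src)].add("unexpected_egress")
    # 3. Fan-out to many distinct hosts (allowed or denied) is scan-like behaviour.
    for dev, dests in fanout.items():
        if len(dests) >= SCAN_THRESHOLD:
            findings[dev].add("scan_like")
    return {dev: sorted(names) for dev, names in findings.items()}


if __name__ == "__main__":
    for dev, names in sorted(analyse(SAMPLE_FLOWS).items()):
        print(dev, ", ".join(names))
```

On the constructed sample, 192.0.2.20 is reported for all three findings while 192.0.2.40, which only talks to the allowlisted vendor host, is not reported at all. The denied lateral Telnet attempts are still counted toward the fan-out threshold: a firewall block stops the connection, but the attempt pattern is exactly what identifies an already compromised device.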
