At a Glance:
The so-called dark_nexus botnet seeks to infect common IoT devices.
Bitdefender has been tracking the botnet for over three months and says it’s able to launch a range of DDoS attacks.
Bitdefender believes dark_nexus was created by a known botnet author who has been actively selling botnet code and DDoS services for many years.
Bitdefender researchers have uncovered a new botnet that is targeting millions of IoT devices.
The so-called dark_nexus botnet seeks to infect common IoT devices like smart cameras, routers, and more. Bitdefender named dark_nexus after a string that appears in the user agent it sends when carrying out exploits over HTTP: “dark_NeXus_Qbot/4.0”.
Qbot is another IoT malware which dark_nexus takes inspiration from. Bitdefender found some code from Qbot, and the infamous Mirai, in dark_nexus’ code but says that most of its core modules are original.
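The user agent quoted above is something a defender can search for in HTTP access logs. The following is an added example, not code from Bitdefender or from the original article; the Combined Log Format input, the sample log lines and the loose match on the version number are assumptions of the example.

```python
import re
from datetime import datetime

# User agent quoted on the page. Matching any version number after the prefix
# is an assumption of this example, not something the page states.
UA_PATTERN = re.compile(r"dark_nexus_qbot/\d+(?:\.\d+)*", re.IGNORECASE)

# Combined Log Format; quoted fields may contain backslash-escaped quotes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [01/Jan/2024:10:01:05 +0000] "POST /cgi-bin/example.cgi HTTP/1.1" 404 0 "-" "dark_NeXus_Qbot/4.0"
198.51.100.7 - - [01/Jan/2024:10:01:09 +0000] "GET /example-admin HTTP/1.1" 404 0 "-" "dark_NeXus_Qbot/4.0"
203.0.113.44 - - [01/Jan/2024:10:02:00 +0000] "GET / HTTP/1.1" 200 512 "-" "DARK_NEXUS_QBOT/4.1"
this line is malformed and must be skipped
"""


def find_dark_nexus_hits(log_text):
    """Group requests carrying the dark_nexus user agent by source IP."""
    hits = {}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not Combined Log Format
        ip, stamp, request, status, _referer, ua = m.groups()
        if not UA_PATTERN.search(ua):
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        entry = hits.setdefault(ip, {"count": 0, "first_seen": when, "last_seen": when,
                                     "requests": [], "answered_2xx": False})
        entry["count"] += 1
        entry["first_seen"] = min(entry["first_seen"], when)
        entry["last_seen"] = max(entry["last_seen"], when)
        entry["requests"].append(request)
        # A 2xx response means the device served the request: triage these first.
        entry["answered_2xx"] = entry["answered_2xx"] or status.startswith("2")
    return hits


if __name__ == "__main__":
    for ip, info in sorted(find_dark_nexus_hits(SAMPLE_LOG).items()):
        print(ip, info["count"], info["first_seen"].isoformat(), info["answered_2xx"], info["requests"])
```

A user agent is trivially changed by the sender, so an empty result does not rule out exposure; a match is a strong signal worth triaging.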
Bitdefender has been tracking the botnet for over three months and says it’s able to launch a range of DDoS attacks, spread multiple strains of malware, and affect 12 different CPU architectures.
While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust.
One of the unique features of dark_nexus is its use of a “scoring system” which assesses which processes might pose a risk to it. The botnet maintains a list of whitelisted processes and kills every other process that appears suspicious.
Bitdefender believes dark_nexus was created by a known botnet author who has been actively selling botnet code and DDoS services for many years. Under the username greek.Helios, the suspected author has posted demos of his work on YouTube and posted information on cybercriminal forums.
Bitdefender has published a full whitepaper on dark_nexus.