An increasing number of cyber crooks choose to try their luck in creating malware targeting IoT (Internet-of-Things) devices as more and more devices are becoming ‘smart’ and are thus connected to the Internet. An additional factor in the increased interest in infecting IoT devices is that they often have very weak security features making them a lucrative target for cybercriminals. However, IoT devices usually have very limited abilities and are thus normally used to build large botnets whose purpose is launching DDoS (Distributed-Denial-of-Service) attacks.
Fell For a ‘Honeypot’
In 2019, malware researchers discovered a fairly large IoT botnet named Neko. This botnet was first seen in the wild when a researcher-operated IoT device (Honeypot) was infected by the threat. The machines that are a part of a Honeypot are normally made to be vulnerable on purpose so that cyber crooks will infect them easily, which would allow the cybersecurity researchers to dissect the malware.
The main purpose of infecting IoT devices is to build botnets for DDoS attacks, but the Neko Botnet seems to have more features, which allow it to execute more commands. This botnet is able to detect whether there is other malware present on the compromised system, and if there is, it will remove it swiftly. This may seem like a positive trait, but it is not done out of the good of the hearts of the Neko Botnet operators but is an action, which would ensure that nothing will be in their way to perform their shady activities. The Neko Botnet also allows its operators to terminate processes and execute shell commands. It has been confirmed that the Neko Botnet targets devices that are manufactured by Huawei, MVPower, GPON and Linksys. The Neko Botnet also searches for the presence of outdated applications like RealtekSDK and ThinkPHP specifically.
If you have IoT devices in your household, make sure you update their software regularly as this will make it much less likely for your smart devices to become a part of a botnet.