paint-brush
Newest Malware from Chinaby@sana-qazi
237 reads

Newest Malware from China

by Sana QaziJuly 6th, 2020
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Newest Malware from China developed by Chinese which is attacking a device whose SSH ports are open. Malware is programmed by using GO language from scratch, not using any pre-existing malware. Kaiji is not only exploiting unpatched flaws but also spreading by attacking any public SSH server which allows password-based SSH authentication. The malware brute force the root user which is usually a combination of username and password. It is also said that, there are many different routines present within the malware that performing tasks differently.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Newest Malware from China
Sana Qazi HackerNoon profile picture
“I think malware is a significant threat because the mitigation, like antivirus software, hasn’t evolved to a point to mitigate the risk to a reasonable degree.” Kevin Mitnick

Researchers say, they have discovered a new malware specifically designed to infect IoT and Linux devices. And the malware is developed by Chinese which is attacking a device whose SSH ports are open.

Intezar and +MalwareMustDie found this new malware named Kaiji. This malware is programmed by using GO language from scratch, not using any pre-existing malware. This malware is called rare because it was developed from the very beginning and secondly, there are already C and C++ projects are available on the internet and GitHub that could be used to perform the DDOS attack. There are very few IOT malware authors that waste their time in developing the malware from scratch.

Paul Litvak, malware analyst at Intezar lab, said, it is rare for a malware to be written from scratch. He also said, it is easier to develop a program in the Go language than in C/C++. And often it is easier to create a new program than to change the existing one.

It is also said that, Kaiji is not only exploiting unpatched flaws but also spreading by attacking any public SSH server which allows password-based SSH authentication. This malware brute force the root user which is usually a combination of username and password. And once the root user is compromised, then there is no problem in using the whole system.

An example of this would be when we download any flavor of Kali Linux, so it comes with the default username and password such as root/toor which we don’t bother to change and make mistakes. The problem with IoT devices is the same that they use default user and password for SSH authentication which is easily brute force through kaiji at first attempt.

Intezar team said that when the attack is successful, so the malware executes a bash script that creates a new directory in the lib folder and a final package gets installed with any authentic name such as netstat, etc. According to researchers, there are many different routines present within the malware that performing tasks differently. And one of the tools, demo, is an incomplete one that invokes the malware after a short period which increases the uses of RAM and crashes the memory. As well as, its main control and command server start rebooting frequently which leaves the infected devices behind without any master server and other botnets start hijacking those devices.

From all these signs, the researchers understood that kaiji is still under development malware. It is an IoT botnet that is under development but still making a huge impact on the world. IoT malware authors preferring to use modern languages such as GO, to create the malware. So, start using brute-force protections like Bitdefender IoT Security Platform and start changing your default passwords into the strong ones, to stay safe and secure.

“A minimum precaution: keep your anti-malware protection up to date and install security updates for all your software as soon as they arrive.”
— Barton Gellman