Researchers discovered a Silex malware terrorist that destroys IoT devices

A new malware that disables IoT devices appeared on the Internet.

According to the testimony of a ZDNet reporter, in an hour of observation, the malware, called Silex, increased the number of its victims from 350 to 2000, turning their devices into useless bricks.

Firstly new attack discovered by Akamai expert Larry Cashdollar, His analysis showed that Silex achieves its goal by performing a series of destructive actions: it fills the gadget’s memory with random data, deletes network settings and firewall rules, bans all connections (using the iptables utility), and then stops or reloads the infected device.

Larry Cashdollar
Larry Cashdollar

“It’s as destructive as it can get without actually frying the IoT device’s circuits. To recover, victims must manually reinstall the device’s firmware, a task too complicated for the majority of device owners”, — reported Larry Cashdollar.

In a comment for ZDNet, CashDollar clarified that new malware attacks Unix-like systems and hacks them using the default login and password for Telnet. In response to a question about the source of the current attacks, expert said that his trap fixed the IP address belonging to the Iranian VPS service provider. This IP has already been added to the URLhaus blacklist.

Ankit Abunhav
Ankit Abunhav
Another expert, Ankit Anubhav of NewSky Security, was able to identify the author of Silex. He was a 14-year-old teenager using the nickname Light Leafon; he is already known to NewSky as the creator of the HITO IoT botnet.

Regarding his new project, Light Leafon stated that, by causing a permanent denial of service on the attacked devices, he does not pursue selfish goals. On the creation of Silex his feat, apparently, an example of BrickerBot – IoT-malware, which in less than a year managed to disable several million devices. The author of BrickerBot wanted in such a barbaric way to draw everyone’s attention to the problem of protecting smart gadgets, army of which is growing rapidly.

“Light Leafon — one of the most prominent and talented IoT threat actors at the moment. It is impressive and at the same time sad that Light Leafon, being a minor, is utilizing his talent in an illegal way”, — Ankit Anubhav gave characteristic to the teenager.

In a conversation with Anubhav, Light Leafon also shared his future plans. Young hacker is going to extend functionality of Silex, adding the ability to connect to the attacked devices via SSH and equipping it with exploits that are used by modern IoT bots, the successors of Mirai and Qbot.


About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

MageCart on the Heroku Cloud Platform

Researchers Found Several MageCart Web Skimmers On Heroku Cloud Platform

Researchers at Malwarebytes reported about finding several MageCart web skimmers on the Heroku cloud platform …

Android Spyware CallerSpy

CallerSpy spyware masks as an Android chat application

Trend Micro experts discovered the malware CallerSpy, which masks as an Android chat application and, …

Leave a Reply