- Researchers from Avast have identified a worrying botnet affecting IoT devices
- Called ‘Torii,’ the virus infects, at a server level, devices that have weak encryption
- Virus can fetch and execute different commands, making it ‘very sophisticated’
Keep an eye on your smart home devices.
Security experts have identified what they consider the ‘most sophisticated botnet they’ve ever seen’ and it’s believed to be targeting internet of things gadgets.
Antivirus firm Avast said in a new report they’ve been closely watching a new malware strain, called ‘Torii,’ which uses ‘advanced techniques’ to infect devices.
‘…This one tries to be more stealthy and persistent once the device is compromised, and it does not (yet) do the usual stuff a botnet does like [Distributed Denial of Service attacks], attacking all the devices connected to the internet, or, of course, mining cryptocurrencies,’ Avast researchers wrote in a blog post.
The malware goes after devices that have weak encryption, using the Telnet remote access protocol.
Telnet is a remote access tool that’s primarily used to log into remote servers, but it’s largely been replaced by tools that are more secure.
Once it has identified a poorly secured system, Torii will attempt to steal your personal information.
It’s entirely possible that vulnerable IoT device owners have no idea their device has been compromised.
‘As we’ve been digging into this strain, we’ve found indications that this operation has been running since December 2017, maybe even longer,’ the researchers wrote.
While Torii hasn’t attempted cryptojacking or carried out DDoS attacks, researchers say the malware is capable of fetching and executing commands of different kinds on the infected device, making it very sophisticated.
What’s more, many smart home gadgets are connected to one another, and it’s unclear yet if the malware is capable of spreading to other devices.
‘Even though our investigation is continuing, it is clear that Torii is an example of the evolution of IoT malware, and that its sophistication is a level above anything we have seen before,’ the Avast researchers explained.
Once Torii infects a device, it floods it with information and communicates with the master server, allowing the author of the malware to execute any code or deliver any payload to the infected device, according to researchers.
‘This suggests that Torii could become a modular platform for future use,’ the researchers continued.
‘Also, because the payload itself is not scanning for other potential targets, it is quite stealthy on the network layer. Stay tuned for the follow ups.’
WHAT IS A DDOS ATTACK?
DDoS stands for Distributed Denial of Service.
These attacks attempt to crash a website or online service by bombarding it with a torrent of superfluous requests at exactly the same time.
The surge of simple requests overloads the servers, causing them to become overwhelmed and shut down.
To generate the number of requests necessary to crash a popular website or online service, hackers will often resort to botnets – networks of computers brought under their control with malware.
Malware is distributed by tricking users into inadvertently downloading software, typically by getting them to follow a link in an email or agree to download a corrupted file.