Barracuda Networks, a provider of cloud-enabled security solutions, has detected a new variant of the InterPlanetary Storm malware that targets Mac and Android devices in addition to Windows and Linux machines.
According to the researchers of the company, the malware is building a botnet that includes roughly 13,500 infected machines located in 84 different countries around the world.
The researchers claimed that the number continues to grow. The majority of the machines infected by the malware are located in Asia.
The first variant of InterPlanetary Storm, which targeted Windows machines, was uncovered in May 2019. Its ability to attack Linux machines was reported in June this year, according to the company's official release.
This new variant, which Barracuda researchers detected in late August, targets IoT devices such as TVs running the Android operating system, and Linux-based machines such as routers with misconfigured SSH services.
The report further stated that the new InterPlanetary Storm malware uses the InterPlanetary File System (IPFS) peer-to-peer network and its underlying libp2p implementation. The malware reaches new machines and spreads by brute-forcing SSH (Secure Shell) logins and through open ADB (Android Debug Bridge) ports, much like the FritzFrog malware.
This allows infected nodes to communicate with each other directly or through other nodes. Written in the Go (Golang) programming language, the malware detects the CPU architecture and operating system of its victim and can run on ARM-based machines, an architecture that is common in routers and other IoT devices. The malware also provides a reverse shell and can run a bash shell.
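The SSH brute-forcing described above leaves a characteristic trail in sshd logs: a burst of "Failed password" lines from one source, sometimes followed by an "Accepted password" line once a weak credential is found. The following is an added example (not code from Barracuda's report or from the malware) of detection logic run over a few constructed auth.log lines; the threshold, window and the sample addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines in syslog/auth.log format (not real captures).
SAMPLE_AUTH_LOG = """\
Aug 28 10:01:03 router sshd[2211]: Failed password for root from 203.0.113.7 port 51001 ssh2
Aug 28 10:01:05 router sshd[2213]: Failed password for admin from 203.0.113.7 port 51002 ssh2
Aug 28 10:01:06 router sshd[2215]: Failed password for invalid user pi from 203.0.113.7 port 51003 ssh2
Aug 28 10:01:08 router sshd[2217]: Failed password for root from 203.0.113.7 port 51004 ssh2
Aug 28 10:01:09 router sshd[2219]: Failed password for root from 203.0.113.7 port 51005 ssh2
Aug 28 10:01:11 router sshd[2221]: Accepted password for root from 203.0.113.7 port 51006 ssh2
Aug 28 10:05:40 router sshd[2300]: Failed password for alice from 198.51.100.22 port 40010 ssh2
Aug 28 10:06:02 router sshd[2302]: Accepted publickey for alice from 198.51.100.22 port 40011 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)


def parse_line(line):
    """Parse one sshd auth line into a dict, or return None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    # auth.log omits the year; only time differences matter here.
    event["ts"] = datetime.strptime(event["ts"], "%b %d %H:%M:%S")
    return event


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {ip: {"failures": n, "success_after_failures": bool}} for every
    source IP with at least `threshold` failed password logins inside any
    `window_seconds` window. Threshold and window are assumed tuning values."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        failures = sorted(
            (e for e in evs if e["result"] == "Failed" and e["method"] == "password"),
            key=lambda e: e["ts"],
        )
        # Sliding window over the sorted failure timestamps.
        start, burst = 0, False
        for end in range(len(failures)):
            while (failures[end]["ts"] - failures[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                burst = True
                break
        if burst:
            last_fail = failures[-1]["ts"]
            # A password login accepted after the burst is the strongest signal of compromise.
            success_after = any(
                e["result"] == "Accepted" and e["method"] == "password" and e["ts"] >= last_fail
                for e in evs
            )
            alerts[ip] = {"failures": len(failures), "success_after_failures": success_after}
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {info['failures']} password failures, "
              f"login succeeded afterwards: {info['success_after_failures']}")
```

Only password-method failures count toward the burst, so a single mistyped passphrase from a legitimate key-based user (198.51.100.22 in the sample) is not flagged, while the 203.0.113.7 burst is reported together with the fact that a password login was accepted right after it.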
Barracuda researchers found several features that help the malware persist once it has infected a machine: it detects security mechanisms and honeypots, updates itself automatically, and tries to persist by installing a service using a Go daemon package.
It also kills other processes on the machine that pose a threat to it, such as debuggers and competing malware, the researchers added.
Speaking on the threat spotlight, Murali Urs, Country Manager-India, Barracuda Networks, commented: “While the botnet that this malware is building does not have clear functionality yet, it gives the campaign operators a backdoor into the infected devices so they can later be used for crypto mining, DDoS, or other large-scale attacks.”
He further added: “Although many cases of the new variant have been reported from Asian countries like China, Hong Kong, South Korea, and Taiwan, Indian IoT devices haven’t been much on the radar of the cybercriminal organizations. It is still important for us to remain vigilant.”
According to the researchers, such a rapidly evolving threat environment requires advanced inbound and outbound security techniques that go beyond the traditional gateway.
To safeguard IoT devices against this malware variant, SSH access must be properly configured on all devices. This means using keys instead of passwords, which makes access more secure, the report suggested.
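Concretely, "keys instead of passwords" means turning off password-based login methods in sshd_config and relying on public-key authentication. Below is an added example (not code from the report or from Barracuda) showing a weak configuration next to a hardened one, with a small audit function that reports which settings still permit password logins or unrestricted root access. Both config files are constructed samples; the audit follows sshd's rule that the first occurrence of a keyword wins and applies sshd's documented defaults for absent keywords, but it deliberately stops at any Match block, which is a simplification.

```python
import re

# Constructed sample: the kind of sshd_config a shipped router or IoT image might carry.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
# ChallengeResponseAuthentication no   (commented out, so the default applies)
"""

# Constructed sample: the same file with password-based logins disabled.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
"""

# keyword -> (acceptable value(s), sshd default when the keyword is absent).
# Defaults are those documented in sshd_config(5) for current OpenSSH.
CHECKS = {
    "passwordauthentication": ("no", "yes"),
    "kbdinteractiveauthentication": ("no", "yes"),
    "permitrootlogin": ({"no", "prohibit-password"}, "prohibit-password"),
    "pubkeyauthentication": ("yes", "yes"),
}

# Older name for the same directive; map it so legacy configs are audited correctly.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_sshd_config(text):
    """Return {keyword_lowercase: first_value}. sshd honours the first occurrence
    of each keyword; directives after a Match line are not examined here."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)   # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        key = ALIASES.get(key, key)
        settings.setdefault(key, value)   # first occurrence wins
    return settings


def audit_sshd_config(text):
    """Return a list of (keyword, effective_value, acceptable_values) findings for
    settings that still allow password-based logins or unrestricted root access."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (required, default) in CHECKS.items():
        effective = settings.get(key, default).lower()
        allowed = required if isinstance(required, set) else {required}
        if effective not in allowed:
            findings.append((key, effective, sorted(allowed)))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(f"{name}: {audit_sshd_config(cfg) or 'no findings'}")
```

Note that the weak sample is flagged on three counts even though it never mentions keyboard-interactive authentication: the commented-out line leaves sshd's default of "yes" in force, which is exactly the kind of silent default a brute-forcing bot relies on. Before disabling PasswordAuthentication on a real device, confirm that a working key is already in the relevant authorized_keys file.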