Behind cyberattacks there are often motivations other than the pure extortion and theft that cybercriminals usually practice: espionage, sabotage, and attempts to interfere in processes in order to delegitimize their results. IPStorm (InterPlanetary Storm) could be the clearest example of this.

The botnet has grown from around 3,000 infected systems in May 2019 to more than 13,500 devices this month. Infected devices are found in 84 countries, but mainly in Asia: 59% of the 13,500 infected devices are in just three countries, Hong Kong, South Korea, and Taiwan. The rest are spread across the globe. The malware is currently targeting IoT devices, which can be used for cryptocurrency mining, DDoS attacks, and other purposes.

When the malware was detected, researchers noted several characteristics that distinguish IPStorm from other malware. For example, the full name of the InterPlanetary Storm malware comes from the InterPlanetary File System (IPFS), a peer-to-peer protocol that enables communication between infected systems.

According to the security companies Bitdefender and Barracuda, IPStorm targets and infects Android systems by scanning the Internet for devices with an open ADB (Android Debug Bridge) port. Once IPStorm gains its initial foothold on these systems, it typically checks for the presence of honeypot software, makes sure it keeps running on the device, and then ends processes that may threaten its operation.

The latest revision of the IPStorm malware attacks Unix- and Linux-based systems (which, among others, include Android) that run an SSH server with weak credentials. Once a device is infected, the malware creates a back door and obtains the permissions it needs to execute shell commands. As is common in these networks, the device then joins the botnet in searching for new systems to compromise, all while awaiting orders from the command and control servers, which can take control of the network at any time.
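A host can be checked for the two entry points described above, an ADB port reachable from the network and an SSH server that accepts passwords. The following is an added example, not code from the original article or from the researchers it cites. It assumes ADB over TCP on its default port 5555 and sshd on port 22, uses hypothetical function names, reads constructed sample input, and ignores `Match` blocks and included config files.

```python
import re

ADB_TCP_PORT = 5555  # default port for ADB over TCP/IP
SSH_PORT = 22        # assumption: sshd listens on its default port

def exposed_ports(ss_output):
    """Ports with a non-loopback TCP listener, parsed from `ss -tln` text."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and not addr.startswith(("127.", "[::1]")):
            ports.add(int(port))
    return ports

def sshd_effective(config_text):
    """Global settings over OpenSSH defaults; sshd keeps the first value read."""
    cfg = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
    fixed = set()
    for raw in config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks are out of scope for this check
        if key in cfg and key not in fixed and len(parts) == 2:
            cfg[key] = parts[1].strip().lower()
            fixed.add(key)
    return cfg

def audit(ss_output, sshd_config):
    findings, ports = [], exposed_ports(ss_output)
    if ADB_TCP_PORT in ports:
        findings.append("adb-exposed")
    cfg = sshd_effective(sshd_config)
    if SSH_PORT in ports and cfg["passwordauthentication"] == "yes":
        findings.append("ssh-password-auth")
        if cfg["permitrootlogin"] == "yes":
            findings.append("ssh-root-password-login")
    return findings

# Constructed sample input, not captured from a real host.
SAMPLE_SS = ("LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n"
             "LISTEN 0 4 *:5555 *:*\n"
             "LISTEN 0 128 127.0.0.1:631 0.0.0.0:*\n")
SAMPLE_SSHD = "PermitRootLogin yes\nPasswordAuthentication yes\nPasswordAuthentication no\n"
if __name__ == "__main__":
    print(audit(SAMPLE_SS, SAMPLE_SSHD))
```

On a real host, passing the output of `sshd -T` instead of the raw config file gives the settings sshd actually applies, including included files.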

