A New IoT Threat Malware Named Dark Nexus Discovered In the Wild

Recently cyber security researchers have discovered an IoT botnet threat that leverages corrupted smart devices to stage 'distributed denial-of-service' attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services.

The botnet is called the "Dark_Nexus" by Bit defender researchers. It works by employing credential stuffing attacks against a variety of devices, such as routers (from Dasan Zhone, Dlink, and ASUS), video recorders and thermal cameras to co-opt them into the botnet.

So far Dark Nexus comprises at least 1,372 bots, acting as a reverse proxy, covering a number of countries like China, South Korea, Thailand, Brazil, and Russia.

As investigated by Bit defender Greek. Helios is the individual who has developed the Dark_Nexus. He is a known botnet author most ill known for selling DDoS services on social media and using a YouTube channel to advertise it.

The infrastructure consists of several command-and-control (C2) servers (switchnets[.]net:30047 amd thiccnigga[.]me:30047), which issue remote commands to the infected bots and reporting servers to which bots share details about vulnerable services (e.g., devices protected by default passwords).

Once the brute-force attack succeeds the bot registers to the C2 server identifying the device's CPU architecture so as to transmit custom infection payload via Telnet, download bot binaries and other malware components from a hosting server (switchnets[.]net:80), and execute them.

In addition, some versions of the botnet (4.0 to 5.3) come with a reverse proxy feature that lets the victim act as a proxy for the hosting server thereby directing the infected device to download and store the necessary executables locally instead of having to connect to the central hosting server.

ISOAH is the organization which conducts quality anti audits to prevent system corruption.

Read on for more news on cyber security: https://www.isoeh.com/breaking-news.html.