Network Security, IoT

Attacks with new PumaBot botnet hit Linux IoT devices


Internet of Things devices running on Linux have been targeted by the newly emergent PumaBot botnet in SSH brute-force attacks, according to Security Affairs.

According to a report from Darktrace, the Go-based PumaBot botnet brute-forces SSH credentials on IP addresses it has retrieved, then distributes itself and gathers system information. It conceals its presence with a bogus systemd service before executing the XMRig cryptominer and the ddaemon and networkxm binaries.

Further analysis revealed PumaBot to be tracking traffic cameras and surveillance systems produced by Pumatronix, as well as conducting environment fingerprinting checks to bypass honeypots.

"While [PumaBot] does not appear to propagate automatically like a traditional worm, it does maintain worm-like behavior by brute-forcing targets, suggesting a semi-automated botnet campaign focused on device compromise and long-term access," said Darktrace researchers. They urged organizations to defend themselves from the botnet by performing regular systemd service audits, tracking atypical SSH login patterns, and restricting port 22 exposure.
