New destructive Silex malware bricks thousands of IoT devices in just a few hours


Security researchers have warned about a new strain of malware called Silex that is designed to wipe the firmware of IoT devices, rendering them completely unusable. The attacks were first spotted by Akamai researcher Larry Cashdollar, who said that the malware had bricked over 2,000 IoT devices in the span of just a few hours and that the attacks were still ongoing.

According to Cashdollar, Silex trashes the storage of infected devices by writing random data from /dev/random to any mounted storage it finds, drops firewall rules, wipes network configurations, and flushes all iptables entries, adding a single rule that blocks all connections before halting the system. The only way to recover a bricked device is to manually reinstall the firmware.
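The destructive sequence described above (random data written over block devices, iptables flushed and replaced with a block-all rule, network configuration deleted, then a halt) is distinctive enough to be caught by a simple host-level correlation rule. The following Python script is an added example, not code from the article or from the researchers it cites: it parses a constructed, simplified command-execution audit log (the line format, the host names and the indicator patterns are all assumptions) and raises an alert for any host on which several of those indicators appear together, so that a single legitimate `iptables -F` or a `dd` to a temp file does not fire on its own.

```python
import re
from collections import defaultdict

# Constructed sample of command-execution audit lines: "<timestamp> <host> exec: <command>".
# These are illustrative lines written for this example, not captured from a real infection.
SAMPLE_LOG = [
    "2019-06-25T10:01:02 cam-01 exec: /bin/busybox ps",
    "2019-06-25T10:01:05 cam-01 exec: dd if=/dev/random of=/dev/mmcblk0 bs=1M",
    "2019-06-25T10:01:09 cam-01 exec: iptables -F",
    "2019-06-25T10:01:10 cam-01 exec: iptables -A INPUT -j DROP",
    "2019-06-25T10:01:11 cam-01 exec: rm -rf /etc/network/interfaces",
    "2019-06-25T10:01:12 cam-01 exec: halt",
    # A second host doing routine admin work: one indicator alone must not alert.
    "2019-06-25T10:02:00 nas-02 exec: iptables -F",
    "2019-06-25T10:02:30 nas-02 exec: iptables -A INPUT -p tcp --dport 22 -j ACCEPT",
    "2019-06-25T10:03:00 nas-02 exec: dd if=/dev/zero of=/tmp/testfile bs=1M count=10",
]

# Assumed log line layout; adapt the pattern to whatever your audit source actually emits.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+exec:\s+(?P<cmd>.*)$")

# Each indicator mirrors one step of the behaviour reported for Silex. The patterns are
# assumptions chosen for this example; tune them to the shell and tooling on your devices.
INDICATORS = {
    "random_write_to_block_device": re.compile(
        r"\bdd\b.*\bif=/dev/u?random\b.*\bof=/dev/(sd[a-z]|mmcblk\d|mtdblock\d|hd[a-z])"
    ),
    "iptables_flush": re.compile(r"\biptables\s+(-F|--flush)\b"),
    "iptables_block_all": re.compile(r"\biptables\s+-A\s+INPUT\s+-j\s+DROP\b"),
    "network_config_removed": re.compile(r"\brm\b.*(/etc/network/|/etc/resolv\.conf|/etc/hostname)"),
    "system_halted": re.compile(r"\b(halt|poweroff|shutdown)\b"),
}

# Minimum number of distinct indicators a host must show before it is reported.
ALERT_THRESHOLD = 3


def parse_line(line):
    """Return (timestamp, host, command) for a well-formed line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m.group("ts"), m.group("host"), m.group("cmd")


def classify(cmd):
    """Return the set of indicator names whose pattern matches this command."""
    return {name for name, rx in INDICATORS.items() if rx.search(cmd)}


def detect(lines, threshold=ALERT_THRESHOLD):
    """Correlate indicators per host; return {host: sorted indicator names} for hosts over threshold."""
    seen = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the collector
        _, host, cmd = parsed
        seen[host] |= classify(cmd)
    return {host: sorted(tags) for host, tags in seen.items() if len(tags) >= threshold}


if __name__ == "__main__":
    for host, tags in detect(SAMPLE_LOG).items():
        print(f"ALERT {host}: {', '.join(tags)}")
```

Run against the sample, only cam-01 is reported, with all five indicators; nas-02 shows a single `iptables -F` and stays quiet. Because the malware halts the device at the end of the sequence, the audit lines should be shipped off-box in near real time: a rule like this is only useful if the log reaches the collector before the device goes dark.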

To compromise a device, the malware uses a list of known default credentials for IoT devices. It targets any Unix-like system with default login credentials, including Linux servers with open Telnet ports that use weak credentials, Cashdollar explained. He said that the IP address behind the observed attacks is hosted on a VPS server owned by novinvps.com, which is operated out of Iran. The IP has already been added to the URLhaus blacklist.

Another researcher, Ankit Anubhav of NewSky Security, has managed to trace the operator behind the malware. Anubhav believes the Silex author is a 14-year-old from Iran known online under the pseudonym Light Leafon, who also created the HITO IoT botnet.

In conversation with the researcher, Light Leafon explained that Silex was initially created as a joke but has since become a full-scale project. In future he plans to add more capabilities to the malware, including the ability to log into IoT devices via SSH and a list of exploits to compromise devices by exploiting vulnerabilities in them.
