26 June 2019

New destructive Silex malware bricks thousands of IoT-devices in just a few hours

Security researchers have warned about a new strain of malware called Silex, designed to wipe the firmware of IoT devices and render them unusable. The attacks were first spotted by Akamai researcher Larry Cashdollar, who said the malware bricked over 2,000 IoT devices in the span of just a few hours and that the attacks were still ongoing.

According to Cashdollar, Silex destroys the storage of infected devices by writing random data from /dev/random to any mounted storage it finds. It then drops firewall rules, wipes the network configuration and flushes all iptables entries, adding a single rule that blocks all connections, before halting the system. The only way to recover a bricked device is to manually reinstall its firmware.
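As an added defender-side example (not code from the article or from Akamai's analysis), this Python checker flags an `iptables-save` dump that matches the end state described above: every entry flushed and a single catch-all rule left that blocks all connections. The sample rulesets and function names are constructed for this example.

```python
"""Flag an iptables ruleset that matches the Silex end state the article
describes: all entries flushed and one rule left that blocks every connection.

Added example, not from the article or from any Silex analysis; the sample
rulesets below are constructed and the function names are this example's own.
"""
import re
from typing import Dict, List

# Constructed sample in iptables-save format, resembling the post-wipe state.
WIPED_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j DROP
COMMIT
"""

# Constructed sample of an ordinary ruleset with specific allow rules.
NORMAL_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

def parse_filter_rules(dump: str) -> Dict[str, List[str]]:
    """Return {chain: [rule, ...]} for the *filter table of an iptables-save dump."""
    chains: Dict[str, List[str]] = {}
    in_filter = False
    for line in dump.splitlines():
        if line.startswith("*"):          # table header, e.g. *filter / *nat
            in_filter = line == "*filter"
        elif not in_filter:
            continue
        elif line.startswith(":"):        # chain declaration with default policy
            chains.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):      # appended rule
            chains.setdefault(line.split()[1], []).append(line)
    return chains

def is_catch_all_block(rule: str) -> bool:
    """True for an -A rule with no match criteria and a DROP/REJECT target."""
    return re.fullmatch(r"-A \S+ -j (DROP|REJECT)", rule) is not None

def looks_wiped(dump: str) -> bool:
    """Silex-style state: INPUT holds only one catch-all block and no ACCEPT rule exists."""
    chains = parse_filter_rules(dump)
    inp = chains.get("INPUT", [])
    any_accept = any(" -j ACCEPT" in r for rs in chains.values() for r in rs)
    return len(inp) == 1 and is_catch_all_block(inp[0]) and not any_accept
```

Run it against `iptables-save` output collected from devices that are still reachable; a device that has already halted will not answer, so the check is most useful in a fleet inventory taken before the block-all rule takes effect.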

To compromise devices, the malware works through a list of known default credentials for IoT devices. It targets any Unix-like system that still uses default login credentials, including Linux servers with open Telnet ports protected by weak passwords, Cashdollar explained. He said that the IP address behind the observed attacks is hosted on a VPS server owned by novinvps.com, which is operated out of Iran. This IP has already been added to the URLhaus blacklist.

Another researcher, Ankit Anubhav of NewSky Security, has managed to trace the operator behind the malware. Anubhav believes that the Silex author is a 14-year-old teenager from Iran known online under the pseudonym Light Leafon. The same person has also created the HITO IoT botnet.

In conversation with the researcher, Light Leafon explained that Silex was initially created as a joke but has since become a full-scale project. He plans to add more capabilities to the malware, including the ability to log into IoT devices via SSH and a set of exploits for known vulnerabilities in the targeted devices.