New IoT-targeting malware spotted in the wild

There is a new strain of malware in the wild, targeting Internet of Things (IoT) devices, according to a security researcher.

Larry Cashdollar, the same researcher who recently identified Mirai’s successor, has posted a series of tweets describing a new form of malware called Silex, which has been attacking IoT devices for quite some time now.

According to Cashdollar, more than 2,000 IoT devices had their firmware wiped in the malware's first few hours of existence.

"Silex is targeting pretty much any Unix-like operating system with default login credentials. Doesn't matter if it's an ARM-based DVR or an x64 bit system running Redhat Enterprise, if your login is root:password it could wreck your system," warned Cashdollar in one of a series of tweets.

Apparently, Silex destroys the device by killing its storage, which allows it to ignore firewall rules and network configurations. Finally, the device stops operating completely.

"It's using known default credentials for IoT devices to log in and kill the system," Cashdollar told ZDNet. "It's doing this by writing random data from /dev/random to any mounted storage it finds.

"It's targeting any Unix-like system with default login credentials. The binary I captured targets ARM devices. I noticed it also had a Bash shell version available to download which would target any architecture running a Unix-like operating system," Cashdollar added.

Obviously, wiping the device’s firmware doesn’t mean it is gone for good – it can still be recovered, but a manual reinstall of the firmware is necessary.

A separate researcher, Ankit Anubhav from NewSky Security, claims the destructive program was written by a 14-year-old Iranian boy going by the alias “Light Leafon”. He is allegedly based in Europe and built Silex as a joke.

Allegedly, he is looking to make the malware even more devastating in the near future.

"It will be reworked to have the original BrickerBot functionality," he said.