Kaji malware targets IoT devices using SSH brute-force attacks

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


Security researchers have discovered a new malware called Kaji which is targeting IoT devices using SSH brute-force attacks.

Malware is increasingly targeting IoT devices, and it’s little surprise why. Statista estimates there are around 20 billion IoT devices installed today, while IDC predicts 41.6 billion devices generating 79.4 zettabytes of data by 2025.

Kaji was uncovered last week by security researcher MalwareMustDie and the experts at Intezer Labs.

The malware is thought to be Chinese in origin and has stood out for its use of the programming language Go.

Most new IoT malware is coded in C++ or C as many existing projects – whether open-source or posted on hacking forums – use one of the two languages. Building a new strain of malware is made easier by adapting an existing one. For example, many variations of the notorious IoT botnet Mirai have cropped up in recent years.

“The Internet of Things botnet ecosystem is relatively well-documented by security specialists,” said Paul Litvak, malware analyst at Intezer. “It is not often that you see a botnet’s tooling written from scratch.”

Kaji uses SSH brute-force attacks to compromise IoT devices that have their SSH port exposed. The researchers say the malware is unable to use exploits to gain control of patched devices, at least for now.

The researchers believe Kaji is still a work-in-progress as it lacks features common in more advanced malware, contains the string “demo” in various places, and often crashes due to calling itself too many times and causing the host device to run out of memory.

The malware targets only the root account of devices, as root access gives it the ability to manipulate packets for carrying out DDoS attacks.

Once a device is infected, Kaji uses it to carry out DDoS attacks. The device is also used to try to compromise others through the same SSH brute-force method.
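Detection logic for the behaviour described above, as an added example that is not part of the original article or the researchers' work: it scans sshd authentication logs for repeated failed password logins to root from one source and marks sources whose guessing is followed by a successful root login. The log lines, the hostname `cam01`, the threshold, the window and the assumed year are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation IP ranges, hypothetical host "cam01").
SAMPLE_LOG = """\
May  4 10:00:01 cam01 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
May  4 10:00:02 cam01 sshd[1203]: Failed password for root from 203.0.113.7 port 51236 ssh2
May  4 10:00:03 cam01 sshd[1205]: Failed password for root from 203.0.113.7 port 51238 ssh2
May  4 10:00:04 cam01 sshd[1207]: Failed password for root from 203.0.113.7 port 51240 ssh2
May  4 10:00:05 cam01 sshd[1209]: Failed password for root from 203.0.113.7 port 51242 ssh2
May  4 10:00:06 cam01 sshd[1211]: Accepted password for root from 203.0.113.7 port 51244 ssh2
May  4 10:05:00 cam01 sshd[1300]: Failed password for invalid user admin from 198.51.100.9 port 40000 ssh2
May  4 10:05:01 cam01 sshd[1302]: Failed password for root from 198.51.100.9 port 40002 ssh2
May  4 10:05:02 cam01 sshd[1304]: Failed password for root from 198.51.100.9 port 40004 ssh2
May  4 10:05:03 cam01 sshd[1306]: Failed password for root from 198.51.100.9 port 40006 ssh2
May  4 10:05:04 cam01 sshd[1308]: Failed password for root from 198.51.100.9 port 40008 ssh2
May  4 10:05:05 cam01 sshd[1310]: Failed password for root from 198.51.100.9 port 40010 ssh2
May  4 11:30:10 cam01 sshd[1400]: Failed password for root from 192.0.2.44 port 60100 ssh2
May  4 11:30:25 cam01 sshd[1402]: Accepted password for root from 192.0.2.44 port 60102 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_root_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2020):
    """Return {source_ip: verdict} for password guessing against root."""
    failures = defaultdict(list)  # ip -> times of failed root logins still inside the window
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] != "root":
            continue  # the article says Kaji only tries the root account
        ip = m["ip"]
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        failures[ip] = [t for t in failures[ip] if ts - t <= window]
        if m["result"] == "Failed":
            failures[ip].append(ts)
            if len(failures[ip]) >= threshold:
                verdicts.setdefault(ip, "bruteforce")
        elif verdicts.get(ip) == "bruteforce":
            verdicts[ip] = "bruteforce-then-login"  # a guess worked: treat host as compromised
    return verdicts
```

On devices that must keep SSH reachable, disabling password login for root in `sshd_config` (for example `PermitRootLogin no`) removes the account this kind of guessing depends on.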
