Researchers have discovered a malware called Luabot being used to Launch DDoS Attacks on Internet of Things (IoT) devices.
The IT security researchers at MalwareMustDie have discovered a malware that is capable of infecting Linux-based Internet of Things (IoT) devices and web servers to launch DDoS (Distributed Denial of Service) attacks.
Dubbed Linux/Luabot by researchers; the malware is coded in version 5.3.0 of Lua programming language and comes with capabilities such as infecting a system and issuing botnet commands.
According to MalwareMustDie’s official blog post, at the moment there are countless ELF malware that are surfacing on the internet. The blog post, which was published on Monday, further read:
“There are plenty new ELF malware coming & lurking our network recently & hitting out Linux layer IoT and services badly.”
Moreover, security professionals have been advised by the researchers to keep a close eye on “unusual hazards for the security of our 24/7 running Linux nodes.”
MalwareMustDie also defined LuaBot botnet as “the most advanced botnet hitting Linux-based IoT devices”:
Image source: MalwareMustDie
The use of IoT devices as a botnet is not something new. Previously, Bashlite or Lizkebab malware was also found targeting Linux-based IoT and conducting DDoS attacks on banking and government offices in South America.
Lizard Squad also released a Linux-based DDoS tool LizardStresser which has been used to hack CCTV devices and use them to target high profile targets flooding them with as much as 400Gbps of data. The attacks were aimed mostly at gaming platforms, Brazilian financial institutions, ISPs, and government institutions.
If you are a website owner and receiving DDoS attacks contact DDoS protection firms like Sucuri or Incapsula — If you own a CCTV camera make sure to remove default login and password and use strong login credentials to avoid them from being misused.
More technical details available here on MalwareMustDie.