New malware variant threatens smart devices in 84 different countries

A new variant of the InterPlanetary Storm malware has infected roughly 13,500 machines across no fewer than 84 different countries, and the count is still rising. That is the core message from e-mail security company Barracuda Networks in its latest Threat Spotlight research.

The malware was initially uncovered in May 2019 as a malicious attack designed to target Windows machines. This new variant, which Barracuda researchers first detected in late August, now also targets Internet of Things (IoT) devices, such as TVs running the Android operating system, as well as Linux-based machines.

Essentially, this new variant gains access to machines by running a dictionary attack against SSH servers, in the same way as FritzFrog, another peer-to-peer malware. It can also gain entry through open Android Debug Bridge (ADB) servers. The malware detects the CPU architecture and running OS of its victims, and it can run on ARM-based machines, an architecture that is common in routers and other IoT devices.

While the function of this malware is not yet known, it’s likely that campaign operators will be able to gain access to infected devices so they can later be used for cryptomining, DDoS or other large-scale attacks.

The 84 countries that have so far reported cases of the InterPlanetary Storm malware include the UK, Argentina, Australia, Belgium, Brazil, Canada, France, Germany, India, Spain and the United States.

Malware spread

The malware spreads using SSH brute force and open ADB ports, serving its malware files to other nodes in the network. It also provides a reverse shell and can run a bash shell on the infected device.

Fleming Shi, CTO at Barracuda Networks, commented: “This new variant of malware is extremely infectious and malicious, and it’s very likely that it will spread beyond the 84 countries which have already been impacted. Moving forward, it’s essential that tech users properly configure Secure Shell access on all devices. This means using keys instead of passwords, which will make access more secure.”

In conclusion, Shi stated: “Furthermore, deploying a multi-factor authentication enabled VPN connection to a segmented network, instead of granting access to broad IP networks, is absolutely vital, particularly so if users wish to share access to secure shells without exposing the resource on the Internet.” 
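As an added example (not code from the article or from Barracuda), the following POSIX shell script audits an OpenSSH `sshd_config` for the password-based access that the worm's SSH dictionary attack relies on and reports the directives to change for key-only authentication, applying the advice above. The sample weak and hardened configurations are constructed for the demo and the audit checks a few standard OpenSSH directives; the defaults assumed when a directive is absent are OpenSSH's documented defaults.

```shell
#!/bin/sh
# Added example, not code from the article or Barracuda: audit an sshd_config for
# the password-based access that the worm's SSH dictionary attack relies on, and
# report the directives to change for key-only authentication.

# Effective value of a directive: sshd honours the first match, else its default.
sshd_effective() {   # $1 config file, $2 directive, $3 OpenSSH default if absent
    val=$(grep -iE "^[[:space:]]*$2[[:space:]]+" "$1" | head -n 1 | awk '{print tolower($2)}')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# Prints one finding per weak directive; prints nothing when the config is key-only.
audit_sshd_config() {
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    empty=$(sshd_effective "$1" PermitEmptyPasswords no)
    pubkey=$(sshd_effective "$1" PubkeyAuthentication yes)
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    if [ "$pw" = yes ]; then echo "PasswordAuthentication yes: exposed to dictionary attacks; set no"; fi
    if [ "$empty" = yes ]; then echo "PermitEmptyPasswords yes: blank passwords accepted; set no"; fi
    if [ "$pubkey" != yes ]; then echo "PubkeyAuthentication $pubkey: keys cannot replace passwords; set yes"; fi
    if [ "$root" = yes ]; then echo "PermitRootLogin yes: root reachable by password; set prohibit-password"; fi
}

# Constructed samples (assumed, not a real host's files): the password-only setup
# the worm targets, next to a hardened key-only equivalent.
write_weak_config() {
    cat > "$1" <<'EOF'
Port 22
PasswordAuthentication yes
PermitRootLogin yes
PermitEmptyPasswords yes
EOF
}
write_hardened_config() {
    cat > "$1" <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin prohibit-password
EOF
}

# Stand-alone demo: three findings for the weak file, none for the hardened one.
demo_dir=$(mktemp -d)
write_weak_config "$demo_dir/weak.conf"; write_hardened_config "$demo_dir/hardened.conf"
echo "== weak =="; audit_sshd_config "$demo_dir/weak.conf"
echo "== hardened =="; audit_sshd_config "$demo_dir/hardened.conf"
rm -r "$demo_dir"
```

Run it against a real `/etc/ssh/sshd_config` with `audit_sshd_config /etc/ssh/sshd_config`; an empty result means password logins are already disabled and keys are the only accepted credential.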
