New dark_nexus IoT Botnet Puts Others to Shame

Bitdefender
April 9, 2020

Whitepaper Details

Bitdefender researchers have recently found a new IoT botnet packing new features and capabilities that put to shame most IoT botnets and malware that we’ve seen.

We named the botnet “dark_nexus” based on a string it prints in its banner. In one of its earliest versions, it used this name in its user agent string when carrying out exploits over HTTP: “dark_NeXus_Qbot/4.0”, citing Qbot as its influence. Our analysis has determined that, although dark_nexus reuses some Qbot and Mirai code, its core modules are mostly original.
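The user agent quoted above is a concrete string a defender can look for in web server logs. The following is an added example, not code from the whitepaper or from Bitdefender: it scans Combined Log Format lines for that user agent and groups hits by source address. The sample log lines, the placeholder request paths and the decision to match any version number case-insensitively are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"\s*$'
)
# The page quotes "dark_NeXus_Qbot/4.0"; accepting other versions and
# other letter casing is an assumption, not something the page states.
UA_RE = re.compile(r'dark_nexus_qbot/\d+(?:\.\d+)*', re.IGNORECASE)

# Constructed sample input (documentation-range addresses, placeholder paths).
SAMPLE_LOG = """\
198.51.100.23 - - [09/Apr/2020:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [09/Apr/2020:10:12:05 +0000] "POST /cgi-bin/placeholder HTTP/1.1" 404 162 "-" "dark_NeXus_Qbot/4.0"
203.0.113.7 - - [09/Apr/2020:10:12:06 +0000] "GET /placeholder HTTP/1.1" 200 90 "-" "DARK_NEXUS_QBOT/4.1"
192.0.2.44 - - [09/Apr/2020:10:12:30 +0000] "GET /news HTTP/1.1" 200 734 "https://example.org/blog/dark_nexus_qbot/4.0-analysis" "Mozilla/5.0"
203.0.113.9 - - [09/Apr/2020:10:13:00 +0000] "GET / HTTP/1.1" 400 0 "-" "dark_NeXus_Qbot/4.0
"""

def find_dark_nexus_requests(lines):
    """Return ({source_ip: [(timestamp, request, status), ...]}, unparsed_hits)."""
    hits = defaultdict(list)
    unparsed_hits = []
    for lineno, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        if not line:
            continue
        m = LOG_RE.match(line)
        if m is None:
            # Malformed or truncated line: fall back to a raw search so a
            # marker is not silently lost, but report it separately.
            if UA_RE.search(line):
                unparsed_hits.append((lineno, line))
            continue
        # Match only the user-agent field, so a referer or URL that merely
        # mentions the string (line 4 of the sample) is not flagged.
        if UA_RE.search(m["ua"]):
            hits[m["ip"]].append((m["ts"], m["request"], int(m["status"])))
    return dict(hits), unparsed_hits

if __name__ == "__main__":
    by_ip, unparsed = find_dark_nexus_requests(SAMPLE_LOG.splitlines())
    for ip, requests in by_ip.items():
        print(ip, len(requests), requests)
    print("unparsed lines carrying the marker:", unparsed)
```

Because the page ties this user agent to one of the earliest versions, an empty result does not rule out later variants.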

While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust. For example, payloads are compiled for 12 different CPU architectures and dynamically delivered based on the victim’s configuration.

It also uses a technique meant to ensure “supremacy” on the compromised device. Uniquely, dark_nexus uses a scoring system based on weights and thresholds to assess which processes might pose a risk. This involves maintaining a list of whitelisted processes and their PIDs, and killing every other process that crosses a threshold of suspicion.

Interestingly, dark_nexus seems to have been developed by a known botnet author who has been selling DDoS services and botnet code for years. Using YouTube videos to demo some of his past work and posting offerings on various cybercriminal forums, greek.Helios seems to have experience with IoT malware, having honed his skills to the point of developing the new dark_nexus botnet.

PROVIDER

Bitdefender
Bitdefender is a Romanian cybersecurity and anti-virus software company. Bitdefender develops and sells anti-virus software, internet security software, endpoint security software, and other cybersecurity products and services.
