
New Kaiji IoT Botnet Targets Linux Servers, Performs DDoS Attacks

A new strain of IoT malware, dubbed Kaiji, was just discovered by security researchers MalwareMustDie and Intezer Labs.

The new IoT malware is built to target Linux-based servers and connected devices to launch DDoS attacks, and was coded by Chinese attackers.

Kaiji IoT Malware Quite Different Than Other Strains

According to the researchers, Kaiji has little in common with other IoT malware strains, as it is written in the Golang programming language. The two languages most commonly used to create such malware are C and C++.




Golang-based malware is effective but rare, because ready-made C and C++ projects are abundant on both GitHub and forums dedicated to hacking. These ease the process of creating IoT botnets, and very few IoT malware writers code from scratch. In truth, most IoT botnets nowadays are pieced together from various existing strains.

Kaiji is already spreading across the Internet

The Kaiji malware has already been seen in the wild, say security researchers. The malware is spreading slowly, affecting new devices and turning them into zombies. In order to spread, Kaiji is using brute-force attack techniques, rather than using exploits to infect vulnerable devices. Linux servers with an exposed SSH port are especially at risk.

It should be noted that the malware specifically targets the root account of the device. This is done so that the malware operators can manipulate raw network packets for DDoS attacks. Once root access is obtained, Kaiji can carry out three malicious scenarios – DDoS attacks, SSH brute-force attacks against other devices, or stealing local SSH keys to spread to more devices the root account has previously managed. More specifically, it appears that the malware can launch six different types of DDoS attacks.
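One way a defender could spot the root-targeted SSH brute forcing described above in sshd logs, as an added example (not from the original article or the researchers): it flags sources that repeatedly fail password logins for root and marks those that then succeed. The OpenSSH syslog line format, the thresholds, the year, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines (documentation IP ranges), not real telemetry.
SAMPLE_LOG = """\
May  5 10:00:01 srv sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
May  5 10:00:03 srv sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
May  5 10:00:05 srv sshd[1003]: Failed password for root from 203.0.113.7 port 40003 ssh2
May  5 10:00:07 srv sshd[1004]: Failed password for root from 203.0.113.7 port 40004 ssh2
May  5 10:00:09 srv sshd[1005]: Failed password for root from 203.0.113.7 port 40005 ssh2
May  5 10:00:11 srv sshd[1006]: Accepted password for root from 203.0.113.7 port 40006 ssh2
May  5 10:05:00 srv sshd[1010]: Failed password for root from 198.51.100.20 port 50001 ssh2
May  5 10:05:20 srv sshd[1011]: Failed password for root from 198.51.100.20 port 50002 ssh2
May  5 10:05:40 srv sshd[1012]: Accepted password for root from 198.51.100.20 port 50003 ssh2
May  5 10:06:00 srv sshd[1013]: Failed password for invalid user admin from 192.0.2.9 port 60001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_root_bruteforce(log_text, threshold=5, window=timedelta(minutes=1), year=2020):
    """Return {ip: {"failures": n, "compromised": bool}} for sources with at least
    `threshold` failed root password logins inside a sliding `window`.
    Syslog timestamps carry no year, so `year` is an assumed value."""
    recent = defaultdict(deque)  # ip -> timestamps of recent root failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] != "root":  # only root is of interest here
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"failures": 0, "compromised": False})
                a["failures"] = max(a["failures"], len(q))
        elif ip in alerts:
            # A root password login succeeded from an already-flagged source.
            alerts[ip]["compromised"] = True
    return alerts

if __name__ == "__main__":
    print(detect_root_bruteforce(SAMPLE_LOG))
```

A flagged source with `compromised` set warrants checking root's SSH keys and `known_hosts` on that host, since the article notes that stolen keys are used to reach further devices.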

Despite these capabilities, Kaiji still appears to be in development: the code contains the “demo” string, and the rootkit module would call itself too many times, exhausting the device’s memory and causing a crash.

Furthermore, Kaiji’s command and control servers seem unstable, going offline and leaving the infected devices without a master server. These issues will most likely be fixed in the future, and security researchers will continue monitoring the malware’s evolution.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
