Rakos wants to be the next devastating IoT botnet


You've likely heard of or even been affected by Mirai, the botnet of IoT devices responsible for a record-breaking DDoS attack which disrupted large services including Twitter, Spotify, and PlayStation Network back in October. A new malware named Rakos could be about to steal Mirai's crown, or at least pose another large threat. 

Mirai and Rakos share an affinity for the IoT: both seek out insecure devices to add to their collective for launching devastating DDoS attacks. The difference is that Mirai primarily targets telnet ports, whereas Rakos targets SSH. Telnet does not use encryption and SSH does, so SSH is often the more favourable option to use.

The malware builds its army through brute-force attempts on SSH logins, similar to how many worms operate. Rakos was identified by security researchers at ESET, who have observed multiple cases of IoT devices and Linux servers being infected with the malware since August.

"It is executed from a temporary directory and disguised as a part of the Java framework, namely '.javaxxx'. Additional names like '.swap' or 'kworker' are also used," members of ESET wrote on the welivesecurity blog. 

Some devices were vulnerable despite having a strong password, because an enabled 'online service' functionality allowed Rakos to factory reset the device and so revert the password to its default.

Rakos is written in the Go language and its binary is compressed with the standard UPX tool. When a device is compromised, Rakos starts a local web server on port 61314 and downloads a binary. Details of the host machine are sent periodically to its C&C server in order to add new features or perform an operation.
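The process names and port reported above can be turned into a quick host check. The following is an added example, not code from ESET or from the original article: it flags processes running from a temporary directory under one of the quoted names and any listener on port 61314. The list of temporary directories and the sample data are assumptions constructed for illustration.

```python
import os

# Indicators quoted in the article.
RAKOS_NAMES = {".javaxxx", ".swap", "kworker"}
RAKOS_PORT = 61314
# Assumption: the article only says "a temporary directory".
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DELETED = " (deleted)"  # suffix Linux adds to /proc/<pid>/exe when the file was unlinked

# Constructed sample data, not taken from a real host.
SAMPLE_PROCS = [(1, "/usr/lib/systemd/systemd"), (900, "/usr/sbin/sshd"),
                (4242, "/tmp/.javaxxx (deleted)"), (4300, "/var/tmp/kworker")]
SAMPLE_TCP = """  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0100007F:EF82 00000000:0000 0A
   2: 0F02000A:EF82 0102000A:0050 01
"""

def suspicious_processes(procs):
    """Return (pid, exe) pairs whose binary sits in a temp dir under a listed name."""
    hits = []
    for pid, exe in procs:
        if exe.endswith(DELETED):
            exe = exe[:-len(DELETED)]
        if exe.startswith(TEMP_DIRS) and os.path.basename(exe) in RAKOS_NAMES:
            hits.append((pid, exe))
    return hits

def listeners_on_port(proc_net_tcp, port=RAKOS_PORT):
    """Return hex local addresses in LISTEN state (0A) on `port` in /proc/net/tcp text."""
    hits = []
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or ":" not in fields[1]:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if fields[3] == "0A" and int(port_hex, 16) == port:
            hits.append(addr_hex)
    return hits

def live_processes():
    """Yield (pid, exe) from /proc; kernel threads such as real kworkers have no exe link."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            yield int(pid), os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue

if __name__ == "__main__":
    print(suspicious_processes(live_processes()))
    with open("/proc/net/tcp") as fh:
        print(listeners_on_port(fh.read()))
```

Run it as root on a Linux host so every process's `exe` link is readable. `/proc/net/tcp` covers IPv4 only, so pass the contents of `/proc/net/tcp6` as well if the device uses IPv6.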

The usual security advice applies to ensure your devices are not part of the next botnet attack: change your default passwords, and switch off any remote service access when it's not required (where possible).

What are your thoughts about the growth of IoT botnets? Let us know in the comments.
