The KmsdBot botnet malware has been revamped to target Internet of Things (IoT) devices, extending its potential attack range and capabilities.
According to a recent analysis by Akamai security expert Larry W. Cashdollar, the malware now includes Telnet scanning and support for additional CPU architectures. This version, observed since July 16, 2023, emerged after revelations that the botnet was available as a DDoS service for cybercriminals. Its continued development suggests it is effective in real-world cyberattacks.
First identified by a web security firm in November 2022, KmsdBot primarily targeted private game servers and cloud service providers. It later shifted its focus to Romanian government and Spanish educational websites.
The malware operates by scanning random IP addresses for open SSH ports and attempting brute-force logins using passwords fetched from an attacker-controlled server. The recent updates add Telnet scanning and support for more CPU architectures common in IoT devices. For Telnet, the malware fetches a text file containing widely used weak passwords, aimed especially at IoT devices that are often left with default credentials.
The persistence of KmsdBot activity underscores how vulnerable internet-exposed IoT devices remain, which makes them prime targets for cyberattacks.