Skip to content

Hide Navigation Hide TOC

Hide and Seek (cdf1148c-5358-11e8-87e5-ab60d455597f)

Security researchers have discovered the first IoT botnet malware strain that can survive device reboots and remain on infected devices after the initial compromise. This is a major game-changing moment in the realm of IoT and router malware. Until today, equipment owners could always remove IoT malware from their smart devices, modems, and routers by resetting the device. The reset operation flushed the device's flash memory, where the device would keep all its working data, including IoT malware strains. But today, Bitdefender researchers announced they found an IoT malware strain that under certain circumstances copies itself to /etc/init.d/, a folder that houses daemon scripts on Linux-based operating systems —like the ones on routers and IoT devices. By placing itself in this menu, the device's OS will automatically start the malware's process after the next reboot.

Cluster A Galaxy A Cluster B Galaxy B Level
Hide and Seek (cdf1148c-5358-11e8-87e5-ab60d455597f) Botnet Hide and Seek (41bf8f3e-bb6a-445d-bb74-d08aae61a94b) Malpedia 1