MalwareMustDie discovered and reverse engineered a new Linux Trojan that is made to target Internet of Things (IoT) devices.
NyaDrop Appears with Dangerous Intrusions
MalwareMustDie, the well-known security researcher, uncovered and reverse engineered a new Linux trojan known as NyaDrop. The threat specifically targets IoT (Internet of Things) appliances and can deliver a great deal of damage.
NyaDrop was featured in a late September 2016 attack wave targeting IoT devices with known, factory-hardcoded default account credentials. The malware can be detected by recognizing several different patterns, such as a sequence of failed and successful login attempts to the target IoT appliance.
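The login pattern described above can be searched for in authentication logs. The following is an added example, not code from MalwareMustDie or the original article; the log line format, the function name `find_guess_then_success`, the thresholds and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not from the article.
SAMPLE_LOG = """\
2016-09-28T01:00:00 login FAIL user=root src=192.0.2.50
2016-09-28T01:00:02 login FAIL user=admin src=192.0.2.50
2016-09-28T01:00:04 login FAIL user=root src=192.0.2.50
2016-09-28T02:30:00 login OK user=root src=192.0.2.50
2016-09-28T03:14:01 login FAIL user=root src=203.0.113.7
2016-09-28T03:14:03 login FAIL user=admin src=203.0.113.7
2016-09-28T03:14:05 login FAIL user=support src=203.0.113.7
2016-09-28T03:14:07 login FAIL user=root src=203.0.113.7
2016-09-28T03:14:09 login OK user=admin src=203.0.113.7
2016-09-28T03:20:00 login FAIL user=operator src=198.51.100.20
2016-09-28T03:20:10 login OK user=operator src=198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) login (FAIL|OK) user=(\S+) src=(\S+)$")


def find_guess_then_success(log_text, min_failures=3, window=timedelta(minutes=5)):
    """Flag a successful login preceded by >= min_failures failed logins
    from the same source address within the time window."""
    failures = defaultdict(list)  # source address -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not login events
        ts = datetime.fromisoformat(m.group(1))
        outcome, user, src = m.group(2), m.group(3), m.group(4)
        # Forget failures that are too old to belong to the same burst.
        failures[src] = [t for t in failures[src] if ts - t <= window]
        if outcome == "FAIL":
            failures[src].append(ts)
            continue
        if len(failures[src]) >= min_failures:
            alerts.append({"src": src, "user": user, "time": ts,
                           "failures": len(failures[src])})
        failures[src].clear()  # any success starts a fresh sequence
    return alerts


if __name__ == "__main__":
    for alert in find_guess_then_success(SAMPLE_LOG):
        print(alert)
```

In the constructed sample only the burst from 203.0.113.7 is flagged: the single mistyped login and the success that arrives long after an old burst of failures are both ignored.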
The analyzed attack campaigns originate from a Russian IP address, suggesting that the operators of the malware might be from the Russian Federation or are using a proxy network located there.
When the malware is installed on the host computer, it opens a remote network connection and downloads an ELF malware file with the NYA file name extension. This Trojan targets only devices that are built on the MIPS platform, which includes devices such as DVRs, CCTV cameras, routers and other embedded systems.
The backdoor is made in a way that evades popular security measures and can easily avoid detection.
NyaDrop is just the latest proof that Internet of Things (IoT) devices need to be secured better to avoid such easily exploited weaknesses. The infection method relies on a simple brute-force attack with default credentials that have not been changed by the user. The payload delivers a very dangerous Trojan, and the delivery scheme avoids detection by various security mechanisms and software solutions.
An interesting fact about the attack campaign is that its operators specifically target the MIPS platform by running an architecture and processor check (using the “cpuinfo” command). NyaDrop can easily be modified to run on other platforms as well.
For more information you can read the complete blog post.