New IoT botnet launches stealthy DDoS attacks, spreads malware
A new botnet is reportedly targeting IoT devices with payloads compiled for a dozen CPU architectures. It uses these payloads to launch different types of DDoS attacks and to spread malware. Researchers at Bitdefender discovered the botnet in December 2019 and named it Dark Nexus. Since its discovery, the botnet has been developed rapidly, going through 40 different versions between December and March, according to Bitdefender.
The malware was likely created by greek.Helios, a well-known botnet developer who has advertised and sold DDoS services and botnet code since 2017. This attribution is based on strings found in the bot binaries and on the names of the bot binaries. Although the malware reuses parts of other source code, including Qbot and Mirai, the core modules of Dark Nexus are its own, and they include the capability to deliver custom-tailored payloads for a dozen CPU architectures.