• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 28th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security
Malware

BASHLITE malware turning millions of Linux Based IoT Devices into DDoS botnet

September 3rd, 2016 Waqas Security, Malware 0 comments
BASHLITE malware turning millions of Linux Based IoT Devices into DDoS botnet
Share on FacebookShare on Twitter

Researchers have exposed millions of Linux-based IoT devices infected with BASHLITE malware — Lizard Squad and PoodleCorp have already released Linux-based DDoS tools.

The IT security researchers at Level 3 firm and FlashPoint have discovered a malware that is specifically developed to target Internet of Things (IoT) devices.

Must Read: The Troubling State of Security Cameras; Thousands of Devices Vulnerable

Dubbed Bashlite by researchers; this malware is written in C with the capability to infect IoT devices especially security cameras (surveillance system) and turn them into a DDoS botnet.

If you haven’t heard of Bashlite before that’s because this malware has several other names such as Lizkebab, BASHLITE, Torlus and gafgyt.

Bashlite can brute force a vulnerable device and steal its login credentials and distributes itself on other devices. Researchers further explained that the malware source code was leaked back in 2015 (it has a dozen of variants in 2016) that revealed that its prime target is Linux-based IoT devices. Until now, researchers have found over 1 million devices manufactured by Dahua Technology being infected with Bashlite malware in Brazil, Colombia and Taiwan.

bashlite-malware-linux-iot-ddos-botnet-map

The map shows countries targeted by Bashlite malware / Image Source: Level3

Must Read: Creepy website shows live footage from 73,000 Private Security Cameras Globally

Most of the infected devices are digital video recorder (DVRs) and Dahua tech has already been informed about the issue. 

“The security of IoT devices poses a significant threat. Vendors of these devices must work to improve their security to combat this growing threat. However, as a consumer of these devices, you do have options to improve your security.  If you have one of these devices, standard security best practices advice applies,” researchers explained.

Lizard Squad and DDoS:

The use of IoT devices as a botnet is not something new. Previously, Lizard Squad released a Linux-based DDoS tool LizardStresser which has been used to hack CCTV devices and use them to target high profile targets flooding them with as much as 400Gbps of data. The attacks were aimed mostly at gaming platforms, Brazilian financial institutions, ISPs, and government institutions.

During this downtime I'd like to remind you of our services (which have 100% uptime) over at stresser.ru

— Lizard Squad (@LizardLands) April 11, 2016

PoodleCorp and DDoS:

PoodleCorp is also promoting their DDoS tool these days and increasingly targeting IoT devices to build botnets to conduct DDoS attacks. The group has quickly made a name by DDoSing several gaming giants including, Pokemon Go, PlayStation, Electronic Arts (EA), Grand Theft Auto, Blizzard and League of Legends 

Must Read: Watch out for Paedophiles, 9 Internet Connected Baby Cams Can Be Hacked

If you are a website owner and receiving DDoS attacks contact DDoS protection firms like Sucuri or Incapsula — If you own a CCTV camera make sure to remove default login and password and use strong login credentials to avoid them from being misused.

More technical details available here on Level3 blog.

  • Tags
  • DDOS
  • internet
  • IoT
  • Linux
  • Lizard Squad
  • Malware
  • PoodleCorp
  • Security Cameras
Facebook Twitter LinkedIn Pinterest
Previous article Online Music Database Last.fm Hacked; 43M accounts Leaked
Next article BBC mistakenly sent news alert in Bengali; Readers took it as a hack
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
World's Most 'Resilient Malware' Botnet Emotet Taken Down

World's Most 'Resilient Malware' Botnet Emotet Taken Down

Top Cybersecurity Threats to Watch in 2021

Top Cybersecurity Threats to Watch in 2021

Database of 176 million Pakistani mobile phone users sold online

Database of 176 million Pakistani mobile phone users sold online

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
NetWalker ransomware disrupted - Cryptocurrency and domain seized
Cyber Crime

NetWalker ransomware disrupted - Cryptocurrency and domain seized

33
Transferring Whatsapp data from iPhone to Android with MobileTrans
How To

Transferring Whatsapp data from iPhone to Android with MobileTrans

24
World's Most 'Resilient Malware' Botnet Emotet Taken Down
Cyber Crime

World's Most 'Resilient Malware' Botnet Emotet Taken Down

59

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us