IPStorm botnet evolves to infect Android, Linux, and Mac devices (Security Affairs)

Researchers from Intezer reported that the IPStorm botnet has evolved to infect other operating systems, including Android, Linux, and Mac devices.

The IPStorm botnet was first uncovered in May 2019 while targeting Windows systems; now experts from Intezer have reported that the bot has evolved to infect other platforms, including Android, Linux, and Mac devices.

The IPStorm botnet continues to infect systems across the world; its size grew from around 3,000 infected systems in May 2019 to more than 13,500 devices this month.

The name IPStorm is an abbreviation of InterPlanetary Storm, which comes from the InterPlanetary File System (IPFS), a peer-to-peer protocol the bot uses for its communications with the intent to obscure the malicious traffic.

The bot is written in the Go programming language and was initially designed to compromise Windows systems only. In June, security firms Bitdefender and Barracuda discovered new IPStorm versions that are also able to target Android, Linux, and Mac.

The experts from both security firms reported that IPStorm was infecting Android systems with the ADB (Android Debug Bridge) port exposed online.

The bot was also targeting Linux and Mac devices, performing dictionary attacks against SSH services to guess their usernames and passwords.
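The dictionary attacks against SSH described above leave a recognisable pattern in sshd logs: one source trying many usernames, sometimes followed by a successful login. The following detection sketch is an added example, not code from Intezer's report or from the article; the function name, thresholds, and the OpenSSH password-auth log format it parses are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines (documentation IP ranges), not real telemetry.
SAMPLE_LOG = """\
Oct  1 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Oct  1 10:00:02 host sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Oct  1 10:00:03 host sshd[1003]: Failed password for invalid user pi from 203.0.113.7 port 40003 ssh2
Oct  1 10:00:04 host sshd[1004]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Oct  1 10:00:05 host sshd[1005]: Failed password for invalid user ubuntu from 203.0.113.7 port 40004 ssh2
Oct  1 10:00:06 host sshd[1006]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
Oct  1 10:00:07 host sshd[1007]: Failed password for root from 203.0.113.7 port 40005 ssh2
Oct  1 10:00:09 host sshd[1008]: Accepted password for root from 203.0.113.7 port 40006 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_dictionary_attacks(log_text, min_failures=5, min_users=3):
    """Return {ip: details} for sources whose failed logins look like a dictionary attack.

    A source is flagged once it has at least min_failures failed logins spread
    over at least min_users distinct usernames (assumed thresholds). A later
    successful login from a flagged source is recorded as a likely compromise.
    """
    failures = defaultdict(int)
    users = defaultdict(set)
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
            if failures[ip] >= min_failures and len(users[ip]) >= min_users:
                findings.setdefault(ip, {"compromised_user": None})
        elif ip in findings:
            # Success after a guessing run: the guessed credential probably worked.
            findings[ip]["compromised_user"] = user
    for ip, details in findings.items():
        details["failures"] = failures[ip]
        details["users_tried"] = sorted(users[ip])
    return findings
```

A single mistyped password followed by a normal login, as with the constructed user `alice`, stays below both thresholds and is not reported.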

Once a connection is established, the malware checks for the presence of a honeypot by comparing the hostname of the attacked server to the string “svr04”, which is the default hostname of the Cowrie SSH honeypot.

“The Linux variant has additional features over the documented Windows version, such as using SSH brute-force as a means to spread to additional victims and fraudulent network activity abusing Steam gaming and advertising platforms.” reads Intezer’s report. “The Linux variant has adjusted some features in order to account for the fundamental differences that exist between this operating system and Windows.”

The IPStorm bot also kills a list of processes that could potentially interfere with its operations.

Experts noticed that IPStorm versions for both Linux and Windows systems implement a reverse shell mechanism.

“The Windows variant has a package called powershell which contains functions for achieving reverse shell. The same package is present in the Linux variant but it contains only one function: storm_powershell__ptr_Backend_StartProcess. The function is used to get a reverse shell on the infected system.” continues the analysis.


Curiously, until now, the researchers have not seen the IPStorm operators carrying out malicious activities, such as performing DDoS attacks or relaying malicious traffic.

“Platforms that are compromised by IPStorm are not only exposed to a backdoor to their services but are also added to the IPStorm Botnet which attempts to spread to other victims.” concludes Intezer. “The attackers behind IPStorm are very active evidenced by the frequent release of updated versions with new features and improvements, as well as the expansion to several different platforms and architectures.”

Pierluigi Paganini

(SecurityAffairs – IPStorm)
