Bashlite has just been emerged as a malware to turn your IoT devices into DDoS botnet. This new malicious programe is written in C language and is also known as Lizkebab, Torlus and gafgyt.
According to IT security researchers at Level 3 and FlashPoint, Bashlite has infected over a million devices in Brazil, Colombia and Taiwan. The code of the malware was first leaked in 2015. However, attackers have modified multiple versions of the source code over the span of the year.
The primary target of the origin malware is Linux powered IoT devices. The malware has infected digital video recorder (DVRs) manufactured by Dahua Technology.
Like many other malware programs, Bashlite brute forces a vulnerable device to gain its login credentials and then spread over other devices.
Breaching security of IoT devices and turning them into botnet is comparatively easier. Linux-powered IoT devices have always been the target of attackers. The open source platform backed DDoS tool LizardStresser was previously used to hack CCTV devices. Similarly, PoodleCorp’s DDoS tool is often deployed by hackers to capture IoT devices.