skip to Main Content

Cybercrime, there’s a new IoT malware on the wild: it’s Siles

Cybercrime, There’s A New IoT Malware On The Wild: It’s Siles

It’s dubbed Siles and it’s a new malware targeting Internet of Things (IoT) devices

It’s dubbed Siles and is a new malware targeting Internet of Things (IoT) devices. It has been discovered by the Akamai cyber security expert, Larry W. Chashdollar. According to the researcher, it has already bricked over 2,000 IoT devices and it’s expanding. The malicious code “is targeting pretty much any UNIX like OS with default login credentials.  Doesn’t matter if it’s an ARM-based DVR or an x64 bit system running Redhat Enterprise if your login is root:password it could wreck your system”, he wrote on Twitter. Especially, it targets everything UNIX-based via Telnet default creds, wipes storage, drops firewall rules, wipes network config, rm rf’s everything left, and reboots device. Attacks are still ongoing, and according to an interview with the malware’s creator, they are about to intensify in the coming days.

The author is a 14-year-old teenager going online by the pseudonym of Light Leafon

Siles it’s destructive. To recover, in fact, victims must manually reinstall the device’s firmware, a task too complicated for the majority of IoT device owners. According to ZDNet, it’s expected that some owners will most likely throw devices away, thinking they’ve had a hardware failure without knowing that they’ve been hit by malware. NewSky cyber security researcher, Ankit Anubhav, interview the author, a 14-year-old teenager going online by the pseudonym of Light Leafon. Anubhav confirmed the hacker’s identity by having him put a custom message on the Silex command and control (C&C) server, verifying that we were indeed talking to the actual malware operator. Prior to today, Light had created the HITO IoT botnet. 

Siles author wants to expand it, adding more dectructive functions and exploits

Light Leafon explained the project started as a joke, but has now developed into a full-time project, and has abandoned the old HITO botnet for Silex. Furthermore, he plans to develop the malicious code further and add even more destructive functions and also to incorporate exploits, giving the malware the ability to use vulnerabilities to break into devices, similar to how most IoT botnets operate today. “My friend Skiddy and I are going to rework the whole bot,” Light told ZDNet. “It is going to target every single publicly known exploit that Mirai or Qbot load.” Silex malware is inspired by the old BrickerBot strain, which was active between April and December 2017. It’s author, known under the pseudonym of the Janit0r, claimed he permanently or temporarily destroyed over ten million IoT devices.

Back To Top