This ‘virus’ created by a 14-year-old is destroying modems, smart TVs and other devices globally
Remember the BrickerBot malware attack back in 2017? Well, it is back, on what is estimated to be a larger scale, in the form of a new malware created by a 14-year-old teenager known as “Light Leafon”. For those unaware, BrickerBot was responsible for the MTNL broadband service outage in New Delhi in 2017 and also affected at least 60,000 modems of BSNL broadband subscribers.
The new malware strain, which carries a BrickerBot-like payload, is called Silex, and it has the capability to ruin smart IoT devices and render them useless, as per a report by ZDNet. Like BrickerBot, the Silex malware wipes the storage of an IoT device, removes network configurations, renders firewall rules useless and finally kills, or bricks, the device.
The only way to deal with such an attack is to get hold of the firmware for the particular IoT device and reinstall it, something most average users will find hard to do. Most users would assume that their device is simply malfunctioning or has suffered some kind of hardware failure, and would probably throw it away.
According to the ZDNet report, for which the publication interviewed Light Leafon through NewSky Security researcher Ankit Anubhav, the 14-year-old malware creator has more dangerous plans in mind. He confirmed that the new Silex malware is based on the “original BrickerBot functionality” and that he “plans to develop the malware further and add even more destructive functions.” So, what could be more dangerous than bricking a device? The teenager is working on “abilities” to log into devices via SSH, along with a Telnet hijacking capability, said the report.
In an early warning, the teenager was quoted as saying, known default credentials for IoT devices to log in and kill the system. It is doing this by writing random data from /dev/random to any mounted storage it finds.” It further highlighted that the attacks were being carried out from servers based in Iran. “It appears the IP address that targeted my honeypot is hosted on a VPS server owned by novinvps.com, which is operated out of Iran,” Cashdollar added in the report.