Backdoor:Linux/IoTReaper
First posted on 27 October 2017.
Source: Microsoft
Aliases:
There are no other names known for Backdoor:Linux/IoTReaper.
Explanation:
Payload
Connects to remote server
The threat regularly connects to a C2 server, and can receive and run Lua scripts provided from the server. It uses a built-in Lua execution engine, and can open SMTP, FTP, and HTTP connections.
It could potentially perform the following actions:
- Send spam messages
- Perform denial of service (DoS) attacks
- Search for other vulnerable devices on the Internet
It can also send information about the device to a server, including information such as:
- MAC address
- Software version of the device
We have seen it attempt to connect to:
- hxxp://38[.]27[.]102[.]18:8012/api/api[.]php
- hxxp://bbk80[.]com/api/api[.]php
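The two C2 indicators above are given in defanged form. The following is an added example (not code from the Microsoft page) that refangs them and checks constructed proxy log lines for connections to those hosts or their subdomains; the log format and all sample lines are assumptions.

```python
"""Match the IoTReaper C2 indicators listed above against proxy log lines.

Added example, not from the Microsoft page: the indicators are the page's
(given in defanged form); the log format and log lines are constructed.
"""
import re
from urllib.parse import urlsplit

# Indicators exactly as the page lists them (defanged).
DEFANGED_IOCS = [
    "hxxp://38[.]27[.]102[.]18:8012/api/api[.]php",
    "hxxp://bbk80[.]com/api/api[.]php",
]

def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a real URL for matching."""
    return ioc.replace("hxxp", "http").replace("[.]", ".")

def ioc_hosts(iocs):
    """Map lowercase hostname -> original defanged indicator string."""
    return {urlsplit(refang(ioc)).hostname.lower(): ioc for ioc in iocs}

# Constructed sample proxy log lines: "timestamp client method url status".
SAMPLE_LOG = """\
1509090001.123 10.0.0.12 GET http://example.org/index.html 200
1509090002.456 10.0.0.44 POST http://38.27.102.18:8012/api/api.php 200
1509090003.789 10.0.0.44 GET http://www.bbk80.com/api/api.php 404
1509090004.012 10.0.0.9 GET http://bbk80.com.example.net/ 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)

def find_c2_hits(log_text: str, iocs=DEFANGED_IOCS):
    """Return (client, url, matched_ioc) for lines whose URL host equals a
    C2 host or is a subdomain of one (a look-alike suffix does not match)."""
    hosts = ioc_hosts(iocs)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        host = (urlsplit(m["url"]).hostname or "").lower()
        for c2_host, ioc in hosts.items():
            if host == c2_host or host.endswith("." + c2_host):
                hits.append((m["client"], m["url"], ioc))
    return hits

if __name__ == "__main__":
    for client, url, ioc in find_c2_hits(SAMPLE_LOG):
        print(f"{client} -> {url}  matches {ioc}")
```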
Exploits IoT devices to steal credentials
This malware has components that can be used to exploit IoT devices. These exploits can be used to obtain the login credentials of these devices, including CVE-2017-8225.
Last update 27 October 2017