As scary as the epidemics of malware for Internet of Things devices have been, they had one saving grace: because they only lived in RAM (where they were hard to detect!), they could be flushed just by rebooting the infected gadget.
But a new strain of malware, dubbed "Hide n Seek," can live through a power-cycle: it writes a copy of itself to the /etc/init.d/ directory in the IoT device's embedded GNU/Linux system, where startup programs are stored. When a device that's been infected this way is rebooted, it is freshly infected.
Bitdefender experts first spotted the HNS malware and its adjacent botnet in early January, this year, and the botnet grew to around 32,000 bots by the end of the same month. Experts say HNS has infected 90,000 unique devices from the time of discovery until today.
Crooks used two exploits to create their initial botnet, which was unique from other IoT botnets active today because it used a custom P2P protocol to control infected systems.
Now, experts have found new HNS versions that have added support not only for two other exploits [1, 2] but also for brute-force operations.
What this means is that HNS infected devices will scan for other devices that have an exposed Telnet port and attempt to log into that device using a list of preset credentials.
"Hide and Seek" Becomes First IoT Botnet Capable of Surviving Device Reboots [Catalin Cimpanu/Bleeping Computer]
Stalkerware -- spyware sold to people as a means of keeping tabs on their romantic partners, kids, employees, etc -- is a dumpster fire of terrible security (compounded by absentee management), sleazy business practices, and gross marketing targeted at abusive men who want to spy on women.
I recently wrote about how much I enjoyed testing the OnePlus 7 Pro. One of the nicer things about it was the fact that its in-display fingerprint reader, unlike the one in the last-gen OnePlus handset, works in a timely manner. Too bad that, no matter how quickly it can read a fingerprint, it still […]
Data from facial recognition scans performed by US Customs and Border Patrol on travelers crossing at an unnamed lander border point (an anonymous source says it's a US-Canada crossing) have been stolen by hacker or hackers unknown.
With the quick-fix appeal of video games and their own cell phones, it can be tough to keep kids focused on supposedly “educational” toys. And while it may seem counter-intuitive to fight tech with more tech, we’re all in when it comes to the Toybox 3D Printer. We’re not sure if anyone had envisioned a […]
Whether you’re an artist, designer or just organizing a photo album, photo editing software is a must. And software designers know it: Platforms like Photoshop and Lightroom have a ton of helpful features, but you’ll pay for them in spades. Luckily, there’s some competition in the photo editing arena. Right now, Skylum’s Luminar software is […]
Who needs a holiday sale? Sometimes there’s no better time than the thick of summer to find deals. We should know – we’ve found ten deep discounts on some must-have items. Whether you’re searching for CBD edibles, exercise gear, chargers or other tech, take a look. But don’t look long – these prices aren’t likely […]