New Malware variant threatens smart devices in 84 different countries

A new variant of the InterPlanetary Storm malware has infected roughly 13,500 machines across 84 different countries and counting, says email security firm Barracuda Networks in its September Threat Spotlight research.

The malware, named InterPlanetary Storm, was initially uncovered in May 2019 as a malicious attack designed to target Windows machines. This new variant, which Barracuda researchers first detected in late August, is now also targeting IoT devices, such as TVs that run on Android operating systems, and Linux-based machines, such as routers with ill-configured SSH service.

Essentially, this new variant gains access to machines by running a dictionary attack against SSH servers, similar to FritzFrog, another peer-to-peer (p2p) malware. It can also gain entry by accessing open ADB (Android Debug Bridge) servers.

The malware detects the CPU architecture and running OS of its victims, and it can run on ARM-based machines, an architecture that is quite common with routers and other IoT devices.

Whilst the function of this malware is not known yet, it’s likely that campaign operators will be able to gain access to infected devices so they can later be used for crypto mining, DDoS, or other large-scale attacks.

The 84 countries that have so far reported cases of the InterPlanetary Storm malware include Argentina, Australia, Belgium, Brazil, Canada, France, Germany, India, Spain, the United Kingdom and the United States.

It spreads using SSH (Secure Shell) brute force and open ADB ports, and it serves malware files to other nodes in the network. The malware also enables a reverse shell and can run a bash shell.
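For defenders, the SSH dictionary attack described above leaves a recognisable trail in sshd authentication logs. The following is an added example, not taken from the article or from Barracuda's research: it flags source addresses that fail password logins across several usernames and reports any password login that later succeeds from the same source. The log lines are constructed samples in OpenSSH's syslog format, and the thresholds are assumed values to tune per environment.

```python
import re
from collections import defaultdict

# OpenSSH sshd auth results, e.g.
# "sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2"
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log (documentation IP ranges, made-up hosts and users).
SAMPLE_LOG = """\
Sep 30 10:15:01 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Sep 30 10:15:02 gw sshd[1203]: Failed password for root from 203.0.113.7 port 51124 ssh2
Sep 30 10:15:03 gw sshd[1205]: Failed password for invalid user ubnt from 203.0.113.7 port 51126 ssh2
Sep 30 10:15:04 gw sshd[1207]: Failed password for root from 203.0.113.7 port 51128 ssh2
Sep 30 10:15:05 gw sshd[1209]: Failed password for pi from 203.0.113.7 port 51130 ssh2
Sep 30 10:15:06 gw sshd[1211]: Accepted password for pi from 203.0.113.7 port 51132 ssh2
Sep 30 10:20:11 gw sshd[1300]: Failed password for bob from 192.0.2.10 port 40100 ssh2
Sep 30 10:20:19 gw sshd[1300]: Accepted password for bob from 192.0.2.10 port 40100 ssh2
Sep 30 10:31:40 gw sshd[1410]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
""".splitlines()

def find_dictionary_attacks(lines, min_failures=5, min_users=3):
    """Return {ip: details} for sources whose failures look like a dictionary attack."""
    failures = defaultdict(int)         # ip -> failed password attempts
    users = defaultdict(set)            # ip -> distinct usernames tried
    logins_after = defaultdict(list)    # ip -> password logins seen after a failure
    for line in lines:
        m = AUTH_RE.search(line)
        if not m or m["method"] != "password":
            continue                    # key-based logins are not guessable this way
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
        elif failures[ip] > 0:
            logins_after[ip].append(user)
    return {
        ip: {"failures": n, "users_tried": sorted(users[ip]),
             "password_logins_after": logins_after[ip]}
        for ip, n in failures.items()
        if n >= min_failures and len(users[ip]) >= min_users
    }

if __name__ == "__main__":
    for ip, details in find_dictionary_attacks(SAMPLE_LOG).items():
        print(ip, details)
```

A non-empty `password_logins_after` list means a guessed password worked, so that host should be treated as compromised rather than merely probed.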

Fleming Shi, CTO for Barracuda Networks, comments:

“This new variant of malware is extremely infectious and malicious, and it’s very likely that it will spread beyond the 84 countries which have already been impacted.

“Moving forward, it’s essential that tech users properly configure Secure Shell access on all devices. This means using keys instead of passwords, which will make access more secure.

“Furthermore, deploying a multi-factor authentication enabled VPN connection to a segmented network, instead of granting access to broad IP networks is vital, particularly if users wish to share access to secure shells without exposing the resource on the internet.”

Irish Tech News
