Script Kiddie Nightmare: IoT Attack Code Embedded with Backdoor by Ankit Anubhav

Feb 1, 2019

Introduction

The IoT threat landscape is proving to be the fastest to evolve, with attacks shifting from basic password guessing to using a variety of exploits, as seen recently in the IoTroop/Reaper botnet. Enter the script kiddies: amateurish hackers who copy/paste code for quick results. With the numerous disclosures of proof-of-concept IoT exploit code, many script kiddies jump on the exploit bandwagon by using weaponized attack scripts that are shared in various shady forums. The market is particularly hot for IoT devices using a vulnerable version of an embedded GoAhead server. This is because a large number of IP camera vendors have devices that can be hacked using exploits like CVE-2017-8225, which is already employed successfully by the IoTroop/Reaper botnet.

Along similar lines, we observed the distribution of a weaponized script on a hacking forum that promises script kiddies a way to gather a list of GoAhead devices. The script does a lot more than expected: its code contains a backdoor to hack the script kiddies themselves.

Script announced and fishy code obfuscation

On 22nd October 2017, we observed a shady yet....

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023