Entersoft Security Blog

New Vulnerability: IoT Devices Compromised by "Rakos"

Posted by Entersoft Team on Aug 8, 2017 6:11:03 PM
Have you ever found your IoT devices overloaded with networking and computing tasks? If so, chances are high that your devices are among Rakos's latest victims.
 
What is Rakos? 
Rakos is Linux malware written in the Go language that targets both consumer devices and servers. It first surfaced in December 2016, when it was discovered by malware researchers at the Slovakia-based security firm ESET.
 
How does Rakos work?
Initially, the malware scans for open SSH ports and tries to brute-force the login credentials of poorly protected SSH services. Once it gains access, it transfers a malicious binary to the target system and downloads a configuration file that lists command-and-control servers.
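
The behaviour described above leaves a recognisable trace in a device's sshd log: a run of failed password attempts from one source, followed by an accepted password login from that same source. The following is an added example, not part of the original post; the log lines are constructed, the threshold of 3 failures is an assumption, and the parser assumes OpenSSH's usual "Failed password" / "Accepted password" syslog messages.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the original post); IPs are documentation ranges.
SAMPLE_LOG = """\
Aug  8 10:00:01 pi sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug  8 10:00:03 pi sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Aug  8 10:00:05 pi sshd[815]: Failed password for pi from 203.0.113.7 port 40141 ssh2
Aug  8 10:00:07 pi sshd[817]: Failed password for invalid user ubnt from 203.0.113.7 port 40150 ssh2
Aug  8 10:00:09 pi sshd[819]: Accepted password for pi from 203.0.113.7 port 40163 ssh2
Aug  8 10:05:00 pi sshd[900]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Aug  8 10:05:10 pi sshd[902]: Accepted password for alice from 198.51.100.20 port 51004 ssh2
Aug  8 10:09:00 pi sshd[950]: Failed password for root from 192.0.2.55 port 33000 ssh2
Aug  8 10:09:02 pi sshd[952]: Failed password for root from 192.0.2.55 port 33002 ssh2
Aug  8 10:09:04 pi sshd[954]: Failed password for invalid user test from 192.0.2.55 port 33004 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, threshold=3):
    """Return ({ip: failures} for sources at or over the threshold,
    [(ip, user)] for password logins accepted from such a source)."""
    failures = defaultdict(int)
    compromised = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # Success right after repeated failures: a guess likely worked.
            compromised.append((ip, user))
    guessing = {ip: n for ip, n in failures.items() if n >= threshold}
    return guessing, compromised

if __name__ == "__main__":
    guessing, compromised = analyze(SAMPLE_LOG)
    for ip, n in sorted(guessing.items()):
        print(f"{ip}: {n} failed password attempts")
    for ip, user in compromised:
        print(f"ALERT: password login as {user!r} accepted from guessing source {ip}")
```

An account flagged this way should have its password changed, and the device should be checked for unfamiliar processes.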
 
Rakos can compromise both servers and embedded devices and enlist them in a botnet. Through the command-and-control servers, attackers can carry out various malicious activities using the botnet. Devices protected only by simple passwords are easily compromised, and each compromised device in turn targets other devices.
 
More than 45 percent of the compromised devices were Raspberry Pis and wireless access points from Ubiquiti Networks.
 
Recent Attacks
Based on data gathered by Morphus Labs, the Rakos botnet lists around 8300 active bots every day with over 24000 unique bots for a three-day period.
 
How does one get rid of Rakos?
1. You can remove Rakos malware by rebooting your devices.
2. Change the default passwords and secure your devices with complex passwords that are hard to guess.
3. Kill a running process with the name .javaxxx
 
Research by Shiva Gayala
