Custom malware Kaiji targets IoT devices via SSH brute forcing
- Intezer has discovered a new Chinese-origin botnet that targets servers and IoT devices via SSH brute forcing.
- Unlike common botnets that use implants from popular open-source or dark web tools, Kaiji uses custom implants.
- It has been built from scratch in the Golang programming language, which is uncommon in IoT botnets.
- Though simple, Kaiji has the capabilities to launch:
  - Multiple DDoS attacks, such as ipspoof and synack attacks
  - An SSH bruteforcer module to continue the spread
  - An SSH spreader which hijacks local SSH keys to infect hosts that the server has connected to previously.
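
A defender can gauge exposure to the key-hijacking spreader described above by checking which local private keys work without a passphrase and which previously contacted hosts are listed in cleartext. This Python audit is an added example, not code from Intezer or from the malware; the function names and sample data are constructed, and it assumes OpenSSH key and `known_hosts` formats.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # header of the OpenSSH private key format

def key_is_unprotected(pem_text: str) -> bool:
    """Return True if this private key can be used without a passphrase."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN"):
        raise ValueError("not a PEM-armoured private key")
    if "ENCRYPTED" in lines[0]:                       # encrypted PKCS#8
        return False
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines):
        return False                                  # legacy PEM encryption
    if "OPENSSH PRIVATE KEY" not in lines[0]:
        return True                                   # plain legacy/PKCS#8 key
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 header")
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))  # length of cipher name
    cipher = blob[len(MAGIC) + 4 : len(MAGIC) + 4 + n]
    return cipher == b"none"                          # "none" means no passphrase

def cleartext_hosts(known_hosts_text: str) -> list[str]:
    """List host names/addresses readable in known_hosts (not |1| hashed)."""
    hosts = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if not fields or fields[0].startswith(("#", "@")):
            continue
        hosts += [h for h in fields[0].split(",") if not h.startswith("|1|")]
    return hosts

def _sample_openssh_key(cipher: bytes) -> str:
    """Constructed key header only (no real key material), for the demo."""
    s = lambda b: struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    b64 = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample: one cleartext entry, one hashed entry.
SAMPLE_KNOWN_HOSTS = """# constructed sample
db01.example.internal,192.0.2.10 ssh-ed25519 AAAAC3constructed
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3constructed
"""

if __name__ == "__main__":
    print("unprotected key:", key_is_unprotected(_sample_openssh_key(b"none")))
    print("cleartext hosts:", cleartext_hosts(SAMPLE_KNOWN_HOSTS))
```

Keys reported as unprotected can be given a passphrase with `ssh-keygen -p`, and setting `HashKnownHosts yes` in `ssh_config` makes new `known_hosts` entries hashed.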