Custom malware Kaiji targets IoT devices via SSH brute forcing

Summary

Kaiji, a botnet of Chinese origin built from scratch in the Golang language, can launch multiple DDoS attacks and includes an SSH bruteforcer and an SSH spreader.
  • Intezer has discovered a new botnet of Chinese origin that targets servers and IoT devices via SSH brute forcing.
  • Unlike common botnets that use implants from popular open source or dark web tools, Kaiji uses custom implants.
  • It has been built from scratch in the Golang programming language, which is uncommon in IoT botnets.
  • Though simple, Kaiji includes:
    • Multiple DDoS attacks, such as ipspoof and synack attacks
    • An SSH bruteforcer module to continue the spread
    • An SSH spreader which hijacks local SSH keys to infect hosts that the server has connected to previously.
