14-year-old creates dangerous malware, starts bricking thousands of IoT devices
In a strange case, a 14-year-old kid has created a dangerous strain of malware, a program that is spreading in the wild and bricking devices worldwide. 'Silex' malware has been wiping the firmware of IoT devices, mimicking the behavior of the BrickerBot malware of 2017. It has already claimed thousands of victims and still remains active. Here's all you need to know about it.
Silex is wiping the firmware of IoT devices
ZDNet, which first reported on the malware, says Silex appeared for the first time on Tuesday and started spreading immediately. The malware grew so fast that it took down as many as 2,000 IoT devices within just three to four hours of operation. It bricked these devices completely, doing the worst possible damage without actually frying their circuit board or hardware.
How the malware compromised these devices
Silex compromises devices by wiping their memory clean, security researcher Larry Cashdollar explained. It trashes the storage of the device, drops firewall rules, removes network configuration, and finally halts the device completely. The effect is such that a user could easily think that the device has dropped dead, potentially due to a hardware failure.
Unix-like systems being targeted
"It's targeting any Unix-like system with default login credentials," Cashdollar told ZDNet. "The binary I captured targets ARM devices. I noticed it also had a Bash shell version available to download which would target any architecture running a Unix like OS."
The attack could intensify very soon
The IP address used for this attack is operated out of Iran and has been added to the URLhaus blacklist. However, don't expect the attack to slow down, as the 14-year-old author of the malware, Light Leafon, plans to make it even more destructive. When contacted anonymously, Light claimed the project started as a joke but will be developed with more destructive functions.
Malware has BrickerBot-like capabilities, claimed Light
"It will be reworked to have the original BrickerBot functionality," Light said without revealing the reason behind his actions. For context, BrickerBot was malware that worked in the same way and compromised more than ten million IoT devices between April and December 2017.