Dark Nexus – Latest threat on IoT botnet

April 16, 2020

Over the internet we can now remotely control many devices, such as appliances, monitoring cameras, and computers. As this technology spreads, a new threat has been discovered in the field of the Internet of Things (IoT): malware that takes control of these devices once they are connected to the internet.

Cybersecurity researchers have already reported many incidents in which such devices were tampered with by hackers or fraudsters using a malicious program. Once the attackers have access to these devices, the devices become part of their IoT botnet. A botnet is used to collect valuable information that the attackers can use to perform Distributed Denial-of-Service (DDoS) attacks. In this case, a business's internet transactions can be controlled by the hacker, causing damage such as financial losses and a damaged reputation for the firm. To avoid such an attack, a company may resort to paying a ransom so that the attack does not happen, or invest in an expensive, stronger cybersecurity program.

Popular programs used to infect these devices are QBot and Mirai. Recently, hackers used them to halt the operation of a well-known domain name server company that hosted many web services, temporarily shutting down half of the internet in the US.

Since the code for these programs is open source, hackers are free to collaborate with each other to create new applications. Currently, a new program is under monitoring by cybersecurity researchers. They describe it as more potent and robust than QBot and Mirai. Some say it is a combination of these two known programs, giving it a boost in threat categorization.

The new threat, as named by Bitdefender (a cybersecurity research group), is Dark Nexus. Based on the gathered evidence, they were able to link it to greek.Helios, a known botnet author. The program has the following capabilities:

  1. Mostly targets devices from the Dasan Zhone, D-Link, and ASUS product lines.
  2. Supports 12 different CPU architectures and adapts to the victim's configuration.
  3. Forks several times, blocks several signals, and detaches itself from the terminal so that it is harder to trace.
  4. Can hide from malware checks and can also disable antimalware/antispyware programs.
  5. Has a reverse proxy feature that lets the victim act as a proxy for the hosting server, so that the hacker's central hosting server cannot be traced.
  6. Has an anti-reboot feature, so the infected device cannot be disconnected immediately.
  7. Auto-kills processes once fraud detection crosses the prescribed threshold.
  8. Uses brute-force attacks to bypass the security installed on the devices and the internet service.
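As an added, defender-side illustration of item 3 (this is example code, not from the article or from Bitdefender): a small Python triage script that parses the `/proc/<pid>/status` and `/proc/<pid>/stat` text of a Linux process and flags the combination of forking away from its parent, blocking termination signals, and running without a controlling terminal. The watched signal list, the threshold, and the sample `/proc` text are constructed for the example.

```python
"""Heuristic triage for daemonised, signal-blocking processes on Linux.
Flags a process whose /proc/<pid>/status and /proc/<pid>/stat show all three
traits described above: reparented to PID 1 (parent exited after forking),
no controlling terminal, and a mask blocking the usual termination signals.
Thresholds and the sample /proc text below are constructed for this example."""

# Bit index (signal number - 1) -> name for signals a daemon blocks to survive
# logout, Ctrl-C and polite termination. SIGKILL (9) cannot be blocked at all.
SIGNAL_BITS = {0: "SIGHUP", 1: "SIGINT", 2: "SIGQUIT", 14: "SIGTERM",
               19: "SIGTSTP", 20: "SIGTTIN", 21: "SIGTTOU"}

def parse_status(text):
    """Turn the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def tty_from_stat(text):
    """Return tty_nr from /proc/<pid>/stat; 0 means no controlling terminal."""
    # comm sits in parentheses and may itself contain spaces or ')', so split
    # only after the last ')': fields are then state ppid pgrp session tty_nr
    rest = text[text.rindex(")") + 1:].split()
    return int(rest[4])

def assess(status_text, stat_text, min_blocked=3):
    """Score one process; only all three traits together count as suspicious,
    since ordinary services also run under PID 1 without a terminal."""
    st = parse_status(status_text)
    mask = int(st.get("SigBlk", "0"), 16)  # SigBlk is a 64-bit hex mask
    blocked = [name for bit, name in SIGNAL_BITS.items() if mask >> bit & 1]
    indicators = []
    if int(st.get("PPid", "0")) == 1:
        indicators.append("reparented to PID 1")
    if tty_from_stat(stat_text) == 0:
        indicators.append("no controlling terminal")
    if len(blocked) >= min_blocked:
        indicators.append("blocks " + ", ".join(blocked))
    return {"name": st.get("Name", "?"), "suspicious": len(indicators) == 3,
            "indicators": indicators}

# Constructed samples: a daemonised bot-like process and an interactive shell.
SUSPECT_STATUS = "Name:\tnxbot\nState:\tS (sleeping)\nPid:\t4242\nPPid:\t1\nSigBlk:\t0000000000004007\n"
SUSPECT_STAT = "4242 (nxbot) S 1 4242 4242 0 -1 4194560 12 0 0 0 1 0 0 0 20 0 1 0 900 1310720 60"
BENIGN_STATUS = "Name:\tbash\nState:\tS (sleeping)\nPid:\t1337\nPPid:\t1200\nSigBlk:\t0000000000010000\n"
BENIGN_STAT = "1337 (bash) S 1200 1337 1337 34816 1337 4194304 2000 0 0 0 3 1 0 0 20 0 1 0 500 9011200 1200"
```

On a live host, feed `assess` the contents of each `/proc/<pid>/status` and `/proc/<pid>/stat` pair; legitimate system services will match the first two traits, which is why only all three together are reported and the result should be checked against an allowlist.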

With this development, the researchers conclude that hacking tactics evolve and grow because these programs and their code are open source. They are freely accessible, especially on social media. Collaboration between old and new generations of hackers is inevitable, and it would cause large-scale business losses to many companies. Thus, preemptive and preventive measures must also evolve to mitigate the damage.
