InterPlanetary Storm Targets Mac, Windows, Linux, Android and IoT devices in 84 Countries


A new variant of InterPlanetary Storm malware has been found in the wild targeting iOS, Windows, Linux and Android devices. According to Barracuda researchers, the malware is building a botnet which currently includes roughly 13,500 infected machines located in 84 different countries around the world, and that number continues to grow. The malware is called InterPlanetary Storm because it uses the InterPlanetary File System p2p network. IPFS is an open-source project that has been adopted for a variety of purposes because it allows users to also host data including web pages that can be accessed via a browser. This allows infected nodes to communicate with each other directly or through other relays.

This new variant gains access to machines by running a dictionary attack against SSH servers, similar to FritzFrog, a peer-to-peer malware. It can also access open ADB (Android Debug Bridge) servers. The malware detects the CPU architecture and running OS, and it can run on ARM-based machines, which are very common in routers and IoT devices. The new version of InterPlanetary Storm is written in Go. It spreads by brute-forcing SSH and by targeting open ADB ports, and it serves malware files to other nodes in the network.


Once infected, the devices talk with the command-and-control server to notify it that they are part of the botnet. Researchers noted that the ID of every infected machine is created at initial infection and is reused if the host restarts or the malware updates. Once downloaded, the malware also serves its files to other nodes in the network. The malware provides a reverse shell and can run a bash shell, the researchers said.

Barracuda researchers found unique features designed to help the malware spread and infect new victims. The malware searches for the string “svr04” in the default shell prompt, a string previously used by the Cowrie honeypot. The malware checks for the latest available version and updates itself accordingly. It persists by installing a service using a Go daemon package. It kills other processes, such as debuggers and competing malware, that pose a threat to it.

There are a few things you can do to protect against this malware variant. Properly configure SSH access on all devices, and use keys instead of passwords to make access more secure. Use a security management tool to monitor SSH access control and eliminate configuration mistakes. To provide secured access to shells, deploy an MFA-enabled VPN connection, and segment your networks according to specific needs instead of granting access to broad IP ranges.
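As an added example (not from the article or from Barracuda's research) of the configuration check the last paragraph recommends, the Python below audits an sshd_config for the settings that decide whether the SSH dictionary attack described above can succeed. The baseline it enforces (key-only authentication, no interactive password fallback, restricted root login, a low MaxAuthTries) and the sample configs are assumptions chosen for the example.

```python
import re

# Added example (not from the article): audit an sshd_config for settings that
# leave a host open to the SSH dictionary attacks InterPlanetary Storm uses.
# Defaults OpenSSH applies when a keyword is absent (OpenSSH 7.0 and later).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "maxauthtries": "6",
}

def parse_sshd_config(text):
    """Return the effective global settings. sshd keeps the first value given
    for a keyword; directives under a Match block apply only conditionally,
    so the global view stops there."""
    settings, seen = dict(DEFAULTS), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2 and key not in seen:
            settings[key] = parts[1].strip().lower()
            seen.add(key)
    return settings

def audit(text):
    """Return a list of findings; an empty list means the config passes."""
    s = parse_sshd_config(text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication: set to 'no' (brute-forceable)")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication: set to 'no' (PAM passwords)")
    if s["permitrootlogin"] not in ("no", "prohibit-password"):
        findings.append("PermitRootLogin: set to 'no' or 'prohibit-password'")
    if int(s["maxauthtries"]) > 3:
        findings.append("MaxAuthTries: lower to 3 or fewer")
    return findings

# Constructed sample configs: a weak one and its hardened counterpart.
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes # weak\n"
HARDENED = ("Port 22\nPermitRootLogin no\nPubkeyAuthentication yes\n"
            "PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "MaxAuthTries 3\nMatch User deploy\n  PasswordAuthentication yes\n")
```

Running `audit(WEAK)` returns four findings, while `audit(HARDENED)` returns an empty list; the Match block in the hardened sample is deliberately left out of the global view so a per-user exception does not mask the global result.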