A new malware strain has begun to attack IoT devices, wiping their firmware and rendering them useless. As of the writing of this article, the malware has been live for a day and has already claimed a confirmed 2,000 victims in about 3 hours. Reports state that Silex, as the malware is named, will continue to grow in scale and destructive nature.
How Does Silex Work
Reports state that Silex operates by destroying an IoT device's storage, removing the device's network configuration, dropping firewall rules, and finally halting the device. It does this by logging into the system using known default login credentials. In terms of destructive capabilities, this strain of malware is extremely threatening. Once a device is infected, the only option is to reinstall its firmware, an operation many users will find too difficult to do. Experts believe this malware will lead infected users to throw their devices away, thinking they have malfunctioned rather than suspecting malware.
For now, Silex appears to be targeting only Unix-like systems with default login credentials, but the malware also has a Bash shell version, meaning it could also be used to target systems running Unix-like operating systems. This could spell disaster for Linux servers that have unsecured Telnet ports and poor admin or user credentials.
At the time of writing, the malware uses Iranian hosting services to operate, which have already been blacklisted by URLhaus. However, it is still recommended that you make sure your passwords are up to date and are anything but the default.
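As an added example (not part of the original article), the Python sketch below audits a Linux host for the exposure described above: a Telnet service listening for connections. It parses text in the `/proc/net/tcp` format and flags listeners reachable from other hosts; the sample rows are constructed, and checking only port 23 on a little-endian machine is an assumption.

```python
import ipaddress
import os

TELNET_PORTS = {23}   # assumption: only the standard Telnet port is audited
TCP_LISTEN = "0A"     # state code the kernel prints for a LISTEN socket

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0017 00000000:0000 0A 00000000:00000000
   1: 0100007F:0017 00000000:0000 0A 00000000:00000000
   2: 00000000:0016 00000000:0000 0A 00000000:00000000
   3: 0A00000A:0017 0B00000A:C350 01 00000000:00000000
"""

def decode_addr(hex_addr):
    """Decode a kernel hex address; each 32-bit word is assumed little-endian."""
    raw = bytes.fromhex(hex_addr)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words))

def telnet_listeners(proc_text, ports=TELNET_PORTS):
    """Return (address, port, reachable_from_network) for each matching listener."""
    findings = []
    for line in proc_text.splitlines():
        fields = line.split()
        # The header row and non-listening sockets fail the state check.
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_addr, hex_port = fields[1].rsplit(":", 1)
        port = int(hex_port, 16)
        if port not in ports:
            continue
        addr = decode_addr(hex_addr)
        # A loopback-only listener is not reachable from other hosts.
        findings.append((str(addr), port, not addr.is_loopback))
    return findings

if __name__ == "__main__":
    # Audit the live tables when present, otherwise the constructed sample.
    paths = [p for p in ("/proc/net/tcp", "/proc/net/tcp6") if os.path.exists(p)]
    texts = [open(p).read() for p in paths] or [SAMPLE]
    for text in texts:
        for addr, port, exposed in telnet_listeners(text):
            status = "EXPOSED" if exposed else "loopback only"
            print(f"Telnet listener on {addr}:{port} ({status})")
```

Any listener reported as exposed should be disabled or firewalled, and the accounts reachable through it checked for default passwords.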