The new Chinese-made malware Kaiji targets Linux-based systems and Internet of Things devices for DDoS attacks
The new Kaiji malware was discovered by a security researcher at Intezer Labs known as MalwareMustDie, and it specifically affects Linux-based systems and IoT devices. The researcher also assumes that the malware was coded by a Chinese developer for launching DDoS attacks.
There are already many C and C++ projects freely available on GitHub and hacking forums that make building an IoT botnet a simple operation. What sets Kaiji apart from other malware is that it is written in the Go programming language rather than C or C++, the most common languages for malware strains.
According to Paul Litvak from Intezer, “The Internet of things (IoT) botnet ecosystem is relatively well-documented by security specialists. It is not often that you see a botnet’s tooling written from scratch.”
Guys, another new #China (#PRC) made #DDoS #ELF #malware, I called it: "#Linux/Kaiji", coded in #Go lang, packed, VT low detection=1. You may want to block #C2 at:
1[.]versionday[.]xyz at 66[.]11[.]125[.]66 (at 220.127.116.11/24)
Good for ur @radareorg RE🥰https://t.co/YYDZ54BW26 pic.twitter.com/MIQQihhmXo
— ☩MalwareMustDie (@malwaremustd1e) May 3, 2020
The botnet targets only root accounts because it requires root access to manipulate raw network packets for DDoS attacks and other malicious activities. As soon as the malware gains access to the root account, it can affect the device in several ways: Kaiji can launch DDoS attacks, run SSH brute-force attacks against other devices, and steal SSH keys.
Litvak also said that the botnet, despite being able to launch six different types of DDoS attacks, was clearly a work in progress. The code lacked features compared with more established botnets, contained the "demo" string in some places, and the rootkit module would often call itself too many times and exhaust the device's memory, leading to a crash.
Recently, we have seen an increase in the number of malware families targeting Linux servers, and Kaiji is another example of malware authors shifting their focus to Linux and IoT devices.
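Since Kaiji spreads by brute-forcing root over SSH, the two things a defender most wants to check are whether a host shows that pattern in its sshd log and whether its sshd_config still permits the password-based root login the botnet relies on. The following script is an added example written for this article, not code from Intezer or MalwareMustDie; the log lines, host name, IP addresses and config excerpt are constructed for illustration, and the threshold of five failures is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sshd log excerpt (invented host, IPs and timestamps, not from the article).
# One source hammers root with password failures and then gets in; that is the
# brute-force-then-success sequence the detector below is looking for.
SAMPLE_AUTH_LOG = """\
May  3 10:00:01 iot-gw sshd[1201]: Failed password for root from 198.51.100.7 port 40210 ssh2
May  3 10:00:03 iot-gw sshd[1203]: Failed password for root from 198.51.100.7 port 40212 ssh2
May  3 10:00:05 iot-gw sshd[1205]: Failed password for root from 198.51.100.7 port 40214 ssh2
May  3 10:00:07 iot-gw sshd[1207]: Failed password for root from 198.51.100.7 port 40216 ssh2
May  3 10:00:09 iot-gw sshd[1209]: Failed password for root from 198.51.100.7 port 40218 ssh2
May  3 10:00:11 iot-gw sshd[1211]: Accepted password for root from 198.51.100.7 port 40220 ssh2
May  3 10:02:40 iot-gw sshd[1290]: Failed password for invalid user admin from 203.0.113.9 port 51000 ssh2
May  3 10:05:12 iot-gw sshd[1301]: Accepted publickey for deploy from 192.0.2.25 port 60000 ssh2
"""

# Constructed sshd_config excerpt showing the weak settings an SSH brute-forcer needs.
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config excerpt
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication yes
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")


def analyze_auth_log(text, threshold=5):
    """Return (brute_force, compromised).

    brute_force: {(src_ip, user): failed password attempts} for pairs at or above threshold.
    compromised: [(src_ip, user)] where a password login succeeded after reaching threshold,
                 i.e. the brute force appears to have worked.
    """
    failures = defaultdict(int)
    compromised = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.group(1), m.group(2)
            failures[(ip, user)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.group(1), m.group(2), m.group(3)
            # A key-based login after failures is not the brute-force outcome; only
            # a successful *password* login following a burst of failures is.
            if method == "password" and failures.get((ip, user), 0) >= threshold:
                compromised.append((ip, user))
    brute_force = {k: v for k, v in failures.items() if v >= threshold}
    return brute_force, compromised


def audit_sshd_config(text):
    """Return a list of findings for settings that leave root exposed to SSH password guessing.

    Defaults assumed (OpenSSH): PermitRootLogin prohibit-password, PasswordAuthentication yes.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip().lower()
    findings = []
    if settings.get("permitrootlogin", "prohibit-password") == "yes":
        findings.append("PermitRootLogin yes: root can log in with a password; set it to 'no' or 'prohibit-password'")
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication not disabled: password guessing is possible; use keys and set it to 'no'")
    return findings


if __name__ == "__main__":
    bf, comp = analyze_auth_log(SAMPLE_AUTH_LOG)
    for (ip, user), n in bf.items():
        print(f"brute force: {n} failed password attempts for {user} from {ip}")
    for ip, user in comp:
        print(f"LIKELY COMPROMISE: password login for {user} from {ip} after brute force")
    for finding in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print("config:", finding)
```

On a real host, feed `analyze_auth_log` the contents of /var/log/auth.log (or the output of `journalctl -u ssh`) and `audit_sshd_config` the contents of /etc/ssh/sshd_config; a compromised entry for root is the signal to treat the device as owned, rotate any SSH keys it held, and look for the C2 traffic described in the tweet above.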