Reddit NetSec

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

CIRCL OSINT Feed

ThreatFox MISP Feed

CVE Database V5

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

A new Go-based Linux botnet named PumaBot has been identified targeting IoT devices, particularly surveillance systems. It brute-forces SSH credentials using lists from a C2 server, then deploys itself and establishes persistence. The malware disguises itself as legitimate system files, creates systemd services, and adds SSH keys for backdoor access. It also includes components for credential theft and system monitoring. The botnet demonstrates sophisticated evasion techniques and aims for long-term access to compromised devices.

PumaBot is a newly identified Linux-based botnet written in Go, specifically targeting Internet of Things (IoT) devices, with a focus on surveillance systems. The botnet operates by brute-forcing SSH credentials using credential lists obtained from a command and control (C2) server. Once access is gained, PumaBot deploys itself onto the compromised device and establishes persistence by masquerading as legitimate system files and creating systemd services. It also adds SSH keys to maintain backdoor access, allowing the attacker to regain control even after reboots or attempts to remove the malware. PumaBot includes modules for credential theft and system monitoring, indicating its intent to harvest sensitive information and maintain long-term surveillance of infected devices. The malware employs sophisticated evasion techniques to avoid detection, including disguising its files and processes. The botnet’s tactics align with multiple MITRE ATT&CK techniques such as T1021.004 (SSH Remote Services), T1082 (System Information Discovery), T1205 (Traffic Signaling), T1562.004 (Impair Defenses: Disable or Modify Tools), and others related to persistence, credential access, and lateral movement. Although no known exploits are currently reported in the wild, the botnet’s ability to brute-force SSH credentials and establish persistent backdoors poses a significant threat to IoT surveillance devices, which often have weak security configurations. The use of Go language enhances cross-platform capabilities and complicates reverse engineering efforts. PumaBot’s focus on surveillance devices is particularly concerning as these devices often handle sensitive video feeds and are integral to physical security infrastructures.

Detailed information about PumaBot: Novel Botnet Targeting IoT Surveillance Devices. Get real-time updates, technical details, and mitigation strategies.

Title	Severity	Type	Source	Date

Threats Tagged 'ssh brute-force'

Filter Threats

Threats Tagged 'ssh brute-force'

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility