Connect with us

Hi, what are you looking for?


IoT Security

“Silexbot” Malware Bricks IoT Devices

A new piece of malware is targeting improperly secured Internet of Things (IoT) devices with the purpose of bricking them, Akamai’s security researchers have discovered.

A new piece of malware is targeting improperly secured Internet of Things (IoT) devices with the purpose of bricking them, Akamai’s security researchers have discovered.

Dubbed Silexbot, the bot is apparently the work of someone who claims to be “a 14-year-old boy from Europe” aiming to prevent other IoT malware families out there from infecting the insecure devices, as stated in the threat’s code. 

Silexbot was first discovered earlier this week, but development of the botnet appears to have already stopped, likely due to the unexpected attention the malware has already received. 

For infection, the bot targets known default credentials in IoT devices. Once it has gained access to the system, Silexbot fetches a list of all existing disk partitions, after which it writes random data from /dev/random to all of the discovered partitions. 

The threat uses the fdisk command for disk partition discovery, but Akamai’s Larry Cashdollar says that an alternative method might be employed if the command isn’t available. 

“While we have not seen concrete proof of this code functioning, within the binary the commands exist for Silexbot to read mounted file systems from /proc/mounts and write to them using mtd_write,” the researcher notes. 

As soon as this operation has been completed, the malware deletes network configurations and flushes iptables, while also adding a new rule that DROPS all connections. Silexbot also uses rm -rf / to delete anything it might have missed, and finally halts the device. 

Advertisement. Scroll to continue reading.

“Silexbot also tries to trash the partition tables by setting the disk Cylinders/Heads/Sectors all to 1,” the researcher said in a tweet. 

While the malware was designed to make the targeted systems inoperable, a firmware re-flash should help restore their functionality. 

The observed Silexbot samples are targeting Unix-like ARM-based devices that use default login credentials. However, the researchers also discovered that a Bash shell version was available to download, meant to target any architecture running a Unix-like OS.

“However, the alleged teenager developing the code has claimed to be located in Europe in media interviews and hasn’t expressed anything that would suggest Silexbot is retaliatory, which some have speculated. His stated motive was to solely take down infection targets of other botnets and their authors,” Cashdollar points out. 

Security researcher Ankit Anubhav, who talked to the Silexbot author, revealed on Twitter that the youngster has decided to leave the blackhat community after the bot gained too much unwanted attention. 

Related: BrickerBot Damages IoT Device Firmware

Related: New Mirai Variant Targets Enterprise IoT Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

IoT Security

Researchers at offensive hacking shop Synacktiv demonstrated successful exploit chains and were able to “fully compromise” Tesla’s newest electric car and take top billing...

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

Vulnerabilities in electric vehicle charging management systems can be exploited for DoS attacks and to steal energy or sensitive information.

IoT Security

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV...