Days after unfamous Mirai botnet, a major new attack is now targeting Linux-powered IoT devices. Dubbed as NyaDrop, the attack loads malware on connected devices such as DVRs and CCTV cameras.
As first spotted by MalwareMustDie blog, the newly emerged malware is loaded on IoT devices that lack preliminary security measures. It was first detected in May and a recent iteration was detected in September via Mirai.
David Bisson of computer security blog Graham Cluley claims that the latest version of NyaDrop was used in a DDoS attack on Brian Krebs’ website. The targeted devices that were found to be affected by the attack were based on MIPS systems using 32-bit architecture machine. Since the malware is capable of deleting, its logs from MIPS system to evade detection, antivirus scans are still undetected.
The malicious code is reportedly capable of parsing archived usernames and passwords stored on MIPS system. This means that the lightweight binary execution takes place on other malware of infected device.
Certainly, precautionary measures can be of great help to avoid this NyaDrop attack. It is recommended for affected device users to replace their default login credentials with a strong password.