IoT Botnet Service Offered by Hackers as “TheMoon”

Identified in 2014, TheMoon botnet is configured to look for flaws in
routers made by vendors such as ASUS, D-Link, Linksys, and MikroTik. The
botnet operators have used the proxy botnet for a number of purposes:
video advertisement fraud, general traffic obfuscation, and brute force, to
name a few.

malicious intentions of further expanding the botnet, the operators are
expected to constantly scan and look for exploitable services being run on IoT

TheMoon botnet attacks IoT applications running on port 8080 and,
on successfully detecting a vulnerable device, the botnet is programmed to drop
a shell script which, once executed, downloads the initial phases of the

Security researchers at CenturyLink found that the recent module differs
from the previous one in that it converts the targeted device into a
SOCKS5 proxy, which allows the botnet operator to offer its proxy
network as a service to other people.
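For administrators who want to check whether a router they manage has started answering as a SOCKS5 proxy, as described above, here is an added example (not taken from the CenturyLink report or the original article) that sends the RFC 1928 greeting and classifies the reply. The inventory addresses and ports are constructed placeholders; the article does not state which port the proxy module listens on.

```python
import socket

# SOCKS5 method-negotiation constants from RFC 1928.
SOCKS_VERSION = 0x05
METHODS = {0x00: "no-auth", 0x01: "gssapi", 0x02: "username/password"}
NO_ACCEPTABLE = 0xFF
# Greeting: version 5, two methods offered (no-auth, username/password).
GREETING = bytes([SOCKS_VERSION, 2, 0x00, 0x02])


def classify_reply(reply: bytes) -> str:
    """Interpret the 2-byte server reply to a SOCKS5 greeting."""
    if len(reply) < 2:
        return "not-socks5 (short or empty reply)"
    version, method = reply[0], reply[1]
    if version != SOCKS_VERSION:
        return "not-socks5 (unexpected version byte)"
    if method == NO_ACCEPTABLE:
        return "socks5 (offered methods rejected)"
    return "socks5 (" + METHODS.get(method, f"method 0x{method:02x}") + ")"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send one greeting to a device you administer and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(GREETING)
            return classify_reply(s.recv(2))
    except OSError as exc:  # refused, timed out, unreachable, reset
        return f"closed-or-filtered ({exc.__class__.__name__})"


def audit(inventory):
    """Return (host, port, verdict) for every listener that speaks SOCKS5."""
    findings = []
    for host, port in inventory:
        verdict = probe(host, port)
        if verdict.startswith("socks5"):
            findings.append((host, port, verdict))
    return findings


if __name__ == "__main__":
    # Constructed inventory: RFC 5737 documentation address, placeholder ports.
    for finding in audit([("192.0.2.1", 1080), ("192.0.2.1", 8080)]):
        print(finding)
```

A router that reports `socks5 (...)` on a port where no proxy was deliberately configured deserves a firmware check and a factory reset before it goes back on the network.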

The researchers further discovered that, on connecting to TCP port 8002,
the person browsing automatically receives a stream of log messages
associated with advertisement fraud.

from the findings of the CenturyLink report,

six-hour time period from a single server resulted in requests to 19,000 unique
URLs on 2,700 unique domains. After browsing some of the URLs, it was apparent
they all had embedded YouTube videos.”

always-on nature of IoT devices and the ability to masquerade as normal home
users make broadband networks prime targets for these types of attacks,”

