Meet dark_nexus, quite possibly the most potent IoT botnet ever
A newly discovered botnet that preys on home routers, video recorders, and other network-connected devices is one of the most advanced Internet-of-things platforms ever seen, researchers said on Wednesday. Its list of advanced features includes the ability to disguise malicious traffic as benign, maintain persistence, and infect devices that run on at least 12 different CPUs.
Researchers from antivirus provider Bitdefender described the so-called dark_nexus as a “new IoT botnet packing new features and capabilities that put to shame most IoT botnets and malware that we’ve seen.” In the three months that Bitdefender has tracked it, dark_nexus has undergone 30 version updates, as its developer has steadily added more features and capabilities.
The malware has infected at least 1,372 devices, which include video recorders, thermal cameras, and home and small office routers made by Dasan, Zhone, D-Link, and ASUS. Researchers expect more device models to be affected as dark_nexus development continues. Referring to other IoT botnets, the researchers wrote in a report: “Our analysis has determined that, although dark_nexus reuses some Qbot and Mirai code, its core modules are mostly original. While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust.”