Custom malware Kaiji targets IoT devices via SSH brute forcing


Kaiji, a botnet of Chinese origin built from scratch in the Golang language, can launch multiple DDoS attacks and includes an SSH bruteforcer and an SSH spreader.
  • Intezer has discovered a new botnet of Chinese origin that targets servers and IoT devices via SSH brute forcing.
  • Unlike common botnets that use implants from popular open source or dark web tools, Kaiji uses custom implants.
  • It has been built from scratch in the Golang programming language, which is uncommon in IoT botnets.
  • Though simple, Kaiji's capabilities include:
    • Multiple DDoS attacks such as ipspoof and synack attacks
    • An SSH bruteforcer module to continue the spread
    • An SSH spreader which hijacks local SSH keys to infect hosts that the server has connected to previously.
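The SSH spreader described above depends on two things a host may expose: private keys stored without a passphrase and `known_hosts` entries readable in clear text. The following is an added defensive audit sketch, not code from Intezer or from the original article; the function names and all sample data are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # header of OpenSSH's native private-key format

def exposed_hosts(known_hosts_text):
    """Hosts readable in clear text; hashed ("|1|...") entries reveal nothing."""
    hosts = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked
            fields = fields[1:]
        if not fields or fields[0].startswith(("#", "|1|")):
            continue
        hosts.extend(fields[0].split(","))
    return hosts

def key_is_encrypted(key_text):
    """True if a private key file is passphrase-protected at rest."""
    if "Proc-Type: 4,ENCRYPTED" in key_text or "BEGIN ENCRYPTED PRIVATE KEY" in key_text:
        return True
    if "BEGIN OPENSSH PRIVATE KEY" not in key_text:
        return False  # legacy PEM with no encryption header
    body = "".join(l for l in key_text.splitlines() if not l.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))
    start = len(MAGIC) + 4
    return blob[start:start + n] != b"none"  # cipher name "none" = unencrypted

def sample_key(cipher):
    """Constructed header-only blob for the demo; not a usable key."""
    b64 = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample known_hosts content (key material replaced by placeholders).
SAMPLE_KNOWN_HOSTS = """\
# constructed sample
db01.example.internal,10.0.0.5 ssh-ed25519 AAAA_PLACEHOLDER
|1|c2FsdA==|aGFzaA== ssh-rsa AAAA_PLACEHOLDER
[gw.example.internal]:2222 ssh-ed25519 AAAA_PLACEHOLDER
"""

if __name__ == "__main__":
    print("clear-text hosts:", exposed_hosts(SAMPLE_KNOWN_HOSTS))
    for cipher in (b"none", b"aes256-ctr"):
        print(cipher.decode(), "encrypted:", key_is_encrypted(sample_key(cipher)))
```

Setting `HashKnownHosts yes` in `ssh_config` and running `ssh-keygen -H` on existing files removes the clear-text host list, and passphrase-protecting private keys removes the credential that key-based spreading relies on.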
