IoT_Malware - description
- Last Updated: May 1, 2026
Sources:
Mirai and Variants:
- Miori IoT botnet using ThinkPHP remote code execution exploit
- Mirai variant using multiple exploits targeting routers
- Miori variant using unique command and control communication protocol
- Mirai command and control servers hiding in Tor network
- Neko Mirai and Bashlite targeting various routers
Other IoT Malware Families:
- Brazilian hacking group targeting IoT devices
- Perl-based Shellbot targeting organizations
- Novidade exploit kit targeting home and small office routers
- Hakai and Yowai botnets exploiting ThinkPHP vulnerabilities
- Hakai Linux IoT botnet analysis
- Bashlite IoT malware targeting WeMo devices with mining capabilities
- Glupteba campaign targeting network routers with Bitcoin-based command and control updates
Researchers have identified malware specifically designed to target Internet of Things (IoT) devices and routers. This malware includes code that can run on RouterOS and communicates with command and control servers to receive instructions for infected devices. The malware can modify DNS settings and use infected devices within the router's network as proxies.
Flowmon ADS detects communication between infected devices and command and control servers.