KmsdBot [1] [2] [3] [4] [5], a botnet malware [1] [2] [3] [4], has recently been discovered in an updated version that specifically targets vulnerable Internet of Things (IoT) devices.


This revised binary incorporates Telnet scanning functionality and expanded support for various CPU architectures commonly found in IoT devices [5]. Akamai security researcher Larry W [1] [2]. Cashdollar reported the information about this updated version in an analysis published this month. By scanning random IP addresses for open SSH ports and using a password list to brute-force the system [4], the malware gains unauthorized access. These enhancements significantly expand the botnet’s attack surface, enabling it to target a wider range of devices and pose an ongoing threat to the security of internet-connected devices [3]. The prevalence and vulnerability of IoT devices on the internet are further highlighted by the ongoing activities of the KmsdBot malware campaign.


The discovery of the updated version of KmsdBot highlights the increasing risks faced by IoT devices. With Telnet scanning functionality and expanded CPU architecture support [5], the malware can now target a wider range of devices [2] [5], posing a significant threat to their security. It is crucial for users and manufacturers of IoT devices to be aware of these vulnerabilities and take appropriate measures to mitigate the risks. As the prevalence of IoT devices continues to grow, it is essential to prioritize security measures to protect against ongoing threats like the KmsdBot malware campaign.