KmsdBot Botnet: When the Internet of Things becomes the Internet of Problems


Reaction score
An updated version of KmsdBot or your smart toaster-who will be smarter?

The updated version of the KmsdBot malware botnet expands its capabilities and targets Internet of Things (IoT) devices. This makes it one of the most adaptive and dangerous tools for cyber attacks.

According to Akamai security researcher Larry Cashdollar, the new version has advanced features. It not only supports more processors with different architectures, but also scans random IP addresses for open SSH ports. To do this, use the brute-force password method.

"The telnet scanner tries to connect to port 23 on a randomly generated IP address and additionally checks whether there is data in the receiving buffer," explains Cashdollar. Thus, the arsenal of methods is becoming more sophisticated.

KmsdBot was first spotted in November 2022. Initially, it attacked private game servers and cloud hosting providers. However, the botnet has recently expanded its activities, also attacking some Romanian state and Spanish educational websites.

Processors with architectures that the program is currently mastering are often used in IoT devices. This expands the potential range of victims and makes IoT systems particularly vulnerable.

KmsdBot continues to be actively developed. Cybersecurity experts are concerned about the fact that on the darknet, any attacker planning DDoS attacks can rent it. Until security mechanisms are developed, we can say that the evolution of the botnet poses a threat to the entire Internet.