Good evening, just now I noticed that the autostart.sh file of my LibreELEC has been modified with a Kaiten botnet command; the binary was in the .config folder. I immediately restored the autostart.sh file and deleted the binaries. I would like some reassurance from the developers: from what I read online, Kaiten is a very dangerous malware.
ESET has just identified a new and more powerful version of Kaiten, an Internet Relay Chat (IRC) controlled malware used to launch DDoS (Distributed Denial of Service) attacks. The reworked malware has been dubbed Linux/Remaiten and targets networking devices such as wireless routers, gateways and access points, and potentially even IoT devices running Linux. ESET researchers have so far identified three variants of Linux/Remaiten, labelled versions 2.0, 2.1 and 2.2.
Based on the code analysis, the main novelty of this release is its sophisticated spreading mechanism: building on the telnet scanning system of Linux/Gafgyt, Linux/Remaiten improves on it by sending its own executable binary to networked devices such as routers and other connected devices, trying in particular to hit those protected by weak credentials.
The job of the downloader component, embedded in the bot's own binary, is to request the binary code of the Linux/Remaiten bot from its command and control server. When this is done, it creates another bot that can then be used by the criminals. ESET researchers noted that this technique had already been used by Linux/Moose to spread infections.
Curiously, this variant of the malware includes a message intended for anyone trying to neutralize the threat: inside the welcome message, version 2.0 directly cites malwaremustdie.org, which has published detailed information about Gafgyt, Tsunami and other members of this malware family.
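The two indicators the post describes (a tampered autostart.sh and an executable dropped in the .config folder) can be checked for mechanically. The following script is an added example, not code from the original post or from the LibreELEC project; it assumes a LibreELEC-style layout where autostart.sh lives in .config, that a known-good copy has been kept beside it as autostart.sh.baseline, and it builds a constructed sample tree (including a placeholder executable named dropped_binary) so it can be run offline.

```shell
#!/bin/sh
# Added example (not from the original post): check a LibreELEC-style
# .config directory for a modified autostart.sh and for unexpected
# executables, then restore autostart.sh from a known-good baseline.
# All paths and the sample tree below are assumptions / constructed data.

# Build a constructed sample tree that reproduces the post's situation:
# autostart.sh has an extra line and an executable was dropped next to it.
setup_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/.config"
    printf '#!/bin/sh\n# known-good autostart: nothing to do\n' \
        > "$dir/.config/autostart.sh.baseline"
    printf '#!/bin/sh\n# known-good autostart: nothing to do\n/storage/.config/dropped_binary &\n' \
        > "$dir/.config/autostart.sh"          # constructed: tampered copy
    printf 'placeholder, not a real binary\n' > "$dir/.config/dropped_binary"
    chmod +x "$dir/.config/dropped_binary"    # constructed: dropped executable
    echo "$dir"
}

# Returns 0 when autostart.sh is byte-identical to its baseline, 1 otherwise.
autostart_matches() {
    cmp -s "$1/.config/autostart.sh" "$1/.config/autostart.sh.baseline"
}

# Prints every regular file with an execute bit in .config (dotfiles
# included) except autostart.sh itself; returns 1 if any were found.
list_unexpected_executables() {
    found=0
    for f in "$1"/.config/* "$1"/.config/.[!.]*; do
        [ -f "$f" ] || continue
        case "$f" in */autostart.sh) continue ;; esac
        if [ -x "$f" ]; then
            echo "executable in .config: $f"
            found=1
        fi
    done
    return $found
}

# Overwrites autostart.sh with the baseline copy (what the poster did by hand).
restore_autostart() {
    cp "$1/.config/autostart.sh.baseline" "$1/.config/autostart.sh"
}

# Stand-alone run over the constructed tree.
sample=$(setup_sample)
if autostart_matches "$sample"; then
    echo "autostart.sh matches baseline"
else
    echo "autostart.sh differs from baseline, restoring"
    restore_autostart "$sample"
fi
list_unexpected_executables "$sample" || echo "review the files listed above"
```

The baseline comparison is deliberately a byte-for-byte check rather than a grep for known strings, so any unexpected edit to autostart.sh is reported, not only the command the poster happened to find.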