PumaBot: Novel Botnet Targeting IoT Surveillance Devices

June 5, 2025, 1:16 a.m.

Description

A new Go-based Linux botnet named PumaBot has been identified targeting IoT devices, particularly surveillance systems. It brute-forces SSH credentials using lists from a C2 server, then deploys itself and establishes persistence. The malware disguises itself as legitimate system files, creates systemd services, and adds SSH keys for backdoor access. It also includes components for credential theft and system monitoring. The botnet demonstrates sophisticated evasion techniques and aims for long-term access to compromised devices.

Date

  • Created: June 4, 2025, 8:39 p.m.
  • Published: June 4, 2025, 8:39 p.m.
  • Modified: June 5, 2025, 1:16 a.m.

Indicators

  • f540f7af0ba3995c2a35f623b83737456c93e55f

Attack Patterns

Additional Information

  • Technology