
The LuaBot writer says his malware is not harmful!

Two weeks ago, a security researcher named MalwareMustDie came across a new Linux trojan (LuaBot), which, according to him, was the first Linux malware written in Lua.

Reverse engineering of the code showed that the trojan primarily targeted IoT architectures and included functionality to perform DDoS attacks, along with an unverified capability to bypass the DDoS protection provided by Sucuri, a US online security provider.

In LuaBot's source code, the malware's author had also left a message that read: "Hi. Happy reversing, you can send me a message: [REDACTED .ru email address]."

A French security researcher who goes by the name x0rz contacted the malware writer and asked him some questions. The answers have been published online.

In this mini-interview, the crook says he does not work in the infosec community, nor is he a cyber-criminal associated with any hacking team.

He describes himself as "nobody" and says his malware is "not harmful." He backs that assessment by saying that LuaBot, his malware, does not steal router sign-in credentials.

The LuaBot author says he has been working on malware for years and that what he originally started for fun has now turned into a source of profit.

He declined to name the type of activity he benefits from, but says he does not run any DDoS Stresser service like those "vDos kids".

Moreover, he states that he works with individuals and that he does not get involved with banks or governments.

The hacker also says he uses his own zero-days to infect the devices. A security researcher from Brazil, who also looked at the malware, says the code seems to target ARRIS routers.

This is the same researcher who last year discovered three backdoors on ARRIS routers, which affected more than 600,000 modems connected to the Internet.

"If we can run the same query today (September / 2016) we can see that the number of exposed devices has dropped to around 35,000," notes Bernardo Rodrigues, a researcher from Brazil.

In addition, the researcher argues that, during the first stage of infection, LuaBot uses firewall rules to prevent further access to the device by external connections, which is an obvious self-protection feature.

However, the malware does not include a boot persistence mechanism, and a router restart removes it from the device.

At the time of writing, there are no known attacks linked to LuaBot infections and, despite the presence of HTTP flooding functions (for DDoS attacks), the malware's purpose remains a mystery.

