Some Fiberhome routers are being utilized as SSH tunneling proxy nodes
description: When we further looked into it, we realized it is a component of an IoT botnet targeting Fiberhome router. But it does not do the regular stuff such as DDos, Cryptojacking, Spaming, information stealing. Its’ only purpose is to setup the routers to be SSH tunneling proxy nodes. Also, unlike the typical botnets which try their best to infect as many victims as they can, this one has pretty much stopped looking for new bots after its’ active daily bot number reached low 200. It seems that the author is satisfied with the number which probably provides enough proxy service for whatever purpose he needs.
publish date: 2019-08-02T00:00:00