A New Linux Trojan Virus Called Linux/NyaDrop Targets IOT Devices


There is a new Linux Trojan virus has been found named Linux/NyaDrop. Actually, it is already reverse engineered by the MalwareMustDie. This is in fact the same researcher who discovered the Mirai. Although, the Mirai IoT botnet was used in the multiple attacks and also had a global infection rate. The presence of this new Linux Trojan virus may be explained with fact that the Mirai source code was leaked which is not too long ago.

Besides, the MalwareMustDie’s research indicates that the Linux/NyaDrop threat was used in the brute-force attacks on the Telnet ports and Softpedia reports. Initially, this malware was rather simplistic, but its malicious code has progressed since the DDoS attacks on the KrebsOnSecurity. The virus developers must have been lured by the success of Mirai IoT botnet. Similarly to the average of IoT malware, Linux/NyaDrop attacks are based on the brute-forcing Internet-connected IoT devices through their default credentials.

Know More About Linux/NyaDrop

Linux/NyaDrop Trojan is quite small in the size and that is because it is a dropper. A dropper is a piece of nasty malware only deployed in order to download other nasty viruses onto the computer. Perhaps, this is the first time the researchers come across the IoT malware which uses a dropper. Droppers are a common practice for the desktop malware and are a typical part of an average malware attack. Why Linux/NyaDrop? The name comes from an actual malware which may be dropped i.e. an ELF binary dubbed “nya”. However, as for a successful virus infection, the researcher gives the following explanation:


When the Linux/NyaDrop infection is successful, it will open a backdoor and then download Nya Trojan, only if the IoT device uses the MIPS 32-bit architecture for its CPU. The MIPS-based CPUs are typical for the devices like routers, CCTV cameras, DVRs, embedded computers in general. The worst part of this threat is that yet-to-be-released versions of NyaDrop that can be deployed in a range of harmful scenarios. For one, the new payloads can be downloaded on the infected machines. The new malware can be used in order to initiate the DDoS attacks or can be used as a proxies for the web traffic, hence, concealing the attacker’s actual location. All these techniques employed by the developers of Linux/NyaDrop reveal a well-thought agenda. The con artists is doing whatever they can not to get caught. Hence, it should be removed from the system ASAP.

Leave a Comment

Your email address will not be published. Required fields are marked *