As detailed in The Hacker News, cybersecurity researchers have uncovered a new Internet-of-Things (IoT) botnet framework named TuxBot v3 Evolution. This framework exhibits characteristics suggesting it was developed with the assistance of a large language model (LLM), though the AI's contributions appear to have had mixed success.Palo Alto Networks Unit 42 reported that while the LLM generated botnet code, it included an unremoved safety disclaimer. Several functions in the analyzed samples failed to operate correctly, indicating potential flaws in the AI-assisted development process. The botnet framework is modular, featuring a C-based bot agent supporting multiple architectures, a Go-based command-and-control (C2) server with a DDoS-for-hire panel, and an exploit virtual machine. The bot agent attempts to brute-force Telnet access using a large set of credentials and exploits over 30 IoT device families. Communication with the C2 server is encrypted, with fallback mechanisms including a SHA512 domain generation algorithm and a peer-to-peer protocol.Tracing its lineage to botnets like Mirai and AISURU, TuxBot v3 Evolution also incorporates code from the MHDDoS Python toolkit. Evidence suggests development began around January 2025. The C2 server uses specific TCP ports for command dispatch, an interactive SSH shell, and programmatic access via a JSON interface. The botnet's initialization sequence includes anti-debugging measures, persistence installation, and launching of various attack modules. The framework's reliance on AI, despite its current flaws, signals a potential acceleration in feature integration for botnet development, enabling single developers to create complex toolsets. TuxBot is believed to be part of the Keksec ecosystem, known for operating multiple parallel IoT botnets.Source: The Hacker News
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




