The threat at a glance

Darktrace researchers have identified PumaBot, a Go-based Linux botnet that focuses on embedded surveillance cameras and other IoT devices. Unlike spray-and-pray botnets that scan the whole internet, PumaBot pulls a curated IP list from its C2 and then brute-forces SSH logins on port 22 until it gets a shell. Once in, it drops its payload under /lib, registers a rogue systemd service, injects a back-door key into ~/.ssh/authorized_keys, and can fetch further modules via the same C2 channel.

Why device-level controls matter

Because PumaBot’s entire kill-chain exploited vulnerabilities and misconfiguration on the device itself, network-edge firewalls […]
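A device-side audit for the two persistence artifacts described above (a systemd service that launches a payload from /lib, and an extra entry in authorized_keys), as an added example that is not from the original post or from Check Point. The "binary directly under /lib" heuristic, the approved-fingerprint allowlist, and all sample unit names, paths and keys are assumptions constructed for illustration.

```python
import base64, hashlib, re
from pathlib import PurePosixPath

# Assumption: an ExecStart binary sitting directly in /lib (or /usr/lib) is
# unusual; packaged daemons normally live in bin/sbin or a /lib subdirectory.
LIB_DIRS = {"/lib", "/usr/lib"}
KEY_RE = re.compile(r"(?:ssh|ecdsa|sk)-[\w@.-]+\s+(AAAA[A-Za-z0-9+/]+={0,2})")

def execstart_paths(unit_text):
    """Executable paths from ExecStart= lines, systemd prefixes (-, @, +, !, :) stripped."""
    found = (re.match(r"\s*ExecStart\s*=\s*[-@:+!]*(\S+)", l) for l in unit_text.splitlines())
    return [m.group(1) for m in found if m]

def suspicious_units(units):
    """units maps unit name -> unit file text; returns names that launch from LIB_DIRS."""
    return sorted(name for name, text in units.items()
                  if any(str(PurePosixPath(p).parent) in LIB_DIRS
                         for p in execstart_paths(text)))

def key_fingerprint(line):
    """OpenSSH-style SHA256 fingerprint of one authorized_keys entry, or None."""
    m = KEY_RE.search(line)
    if not m or line.lstrip().startswith("#"):
        return None
    try:
        digest = hashlib.sha256(base64.b64decode(m.group(1))).digest()
    except ValueError:  # undecodable blob: not a usable key entry
        return None
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unapproved_keys(authorized_keys_text, approved):
    """Fingerprints present in the file but missing from the approved set."""
    fps = (key_fingerprint(l) for l in authorized_keys_text.splitlines())
    return [fp for fp in fps if fp and fp not in approved]

def _sample_key(seed):
    # Constructed ed25519-shaped blob for the demo, not a real key.
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed sample data (unit names and paths are hypothetical).
SAMPLE_UNITS = {
    "sshd.service": "[Service]\nExecStart=/usr/sbin/sshd -D\n",
    "systemd-journald.service": "[Service]\nExecStart=/lib/systemd/systemd-journald\n",
    "camera-helper.service": "[Service]\nExecStart=-/lib/camhelper\nRestart=always\n",
}
SAMPLE_AUTH = _sample_key(1) + " admin@nvr\n# maintenance\n" + _sample_key(2) + "\n"
APPROVED = {key_fingerprint(_sample_key(1))}

if __name__ == "__main__":
    print("units to review:", suspicious_units(SAMPLE_UNITS))
    print("unapproved keys:", unapproved_keys(SAMPLE_AUTH, APPROVED))
```

On a real device the inputs would be the unit files under /etc/systemd/system and each account's authorized_keys file, with the allowlist taken from the keys the operator actually provisioned.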
The post Defeating PumaBot: How Check Point Quantum IoT Protect Nano Agent Shields Surveillance Devices appeared first on Check Point Blog.