By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Cyberessentials Technology MagazineCyberessentials Technology MagazineCyberessentials Technology Magazine
  • Tech news
  • PC & Hardware
  • Mobile
  • Software
  • Gadget
  • Security
  • AI
  • Gaming
  • Marketing
  • WWW
Search
  • Contact
  • Blog
  • Complaint
  • Advertise
© 2025 Cyberessentials.org. All Rights Reserved.
Reading: New PumaBot botnet attacks Linux IoT devices with stealthy SSH brute-force tactics
Share
Notification Show More
Font ResizerAa
Cyberessentials Technology MagazineCyberessentials Technology Magazine
Font ResizerAa
  • Gadget
  • Technology
  • Mobile
Search
  • Tech news
  • PC & Hardware
  • Mobile
  • Software
  • Gadget
  • Security
  • AI
  • Gaming
  • Marketing
  • WWW
Follow US
  • Contact
  • Blog
  • Complaint
  • Advertise
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Security

New PumaBot botnet attacks Linux IoT devices with stealthy SSH brute-force tactics

Last updated: June 6, 2025 3:55 pm
Cyberessentials.org
Share
SHARE

A new botnet named PumaBot is quietly taking over Linux-based IoT devices worldwide. Unlike other botnets, it doesn’t randomly attack the internet. Instead, it uses precise tactics to breach security cameras, routers, and smart gadgets. Here’s what you need to know.

Contents
What makes PumaBot different?How PumaBot sneaks into devicesWhat happens after infection?Why your old security camera is at riskHow to protect your devices

What makes PumaBot different?

Most botnets send login attempts to random IP addresses. PumaBot, on the other hand, is smarter. It gets its target lists from its command center (ssh.ddos-cc[.]org), then attacks those devices with SSH password guesses. It’s like a burglar targeting houses with known weak locks.

“This isn’t some kid in a basement randomly attacking devices,” says a cybersecurity analyst. “PumaBot operators are professionals using military-style reconnaissance.”

How PumaBot sneaks into devices

The attack unfolds in three steps:

Step 1: The fake ID check
Before attacking, PumaBot checks if a device is real. It looks for the string “Pumatronix” – a known maker of traffic cameras. This suggests attackers target specific gear or avoid decoy systems.

Step 2: The camouflage
Once inside, PumaBot disguises itself as Redis database software. It hides in /lib/redis and creates fake system services named redis.service or mysqI.service (with a capital I to trick admins).

Step 3: The backdoor
The botnet plants its own SSH key in the authorized_keys file. Even if you delete the malware, this secret key lets attackers waltz back in anytime.

What happens after infection?

Compromised devices become crypto-mining slaves and data thieves. Darktrace researchers found PumaBot:

• Runs XMRig software to mine Monero cryptocurrency
• Installs rootkits that steal login credentials
• Uses networkxm tool for more SSH attacks
• Exfiltrates stolen data through Chinese domains like lusyn[.]xyz

The most disturbing component? A malicious pam_unix.so file that intercepts every successful login. Stolen passwords get saved to /usr/bin/con.txt before being sent to attackers.

Why your old security camera is at risk

PumaBot targets two common IoT weaknesses:

1. Default passwords: Many devices never change factory-set logins like admin/admin
2. Outdated software: Manufacturers often stop updating devices after 2-3 years

“Your grandma’s internet-connected thermostat could be mining crypto right now,” jokes a reddit user discussing the botnet. The scary truth? They’re not entirely wrong.

How to protect your devices

Cybersecurity experts recommend four key steps:

1. Change default passwords: Make new credentials at least 12 characters with mixed symbols
2. Block SSH from the internet: Use VPNs for remote access instead of open ports
3. Hunt for fake services: Check /etc/systemd/system for suspicious entries
4. Monitor SSH logs: Look for repeated failed login attempts from strange locations

As PumaBot continues evolving, one thing’s clear: IoT security can’t be an afterthought anymore. Your smart fridge might just be the weakest link in your digital life.

Is imei.info safe?
NordVPN Review: How well does it perform?
Best Security Practices for Cryptocurrency Exchange
Do Social Workers Make More Than Cybersecurity Specialists? A Deep Dive
The 10 Best Laptops for Cybersecurity Professionals
Share This Article
Facebook Copy Link Print
Share
Previous Article Vpn software logo What is a VPN? VPN meaning
Next Article ethical hacker working in cybersecurity in front of computers 10 Most Popular Cybersecurity Certifications That Will Boost Your Career in 2025
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest News

person holding black samsung android smartphone
How to Find Recently Watched Videos on Facebook
Guides
black and blue coated wires
DP to HDMI vs HDMI to DP
Guides
a person holding a cell phone with a bar code on it
How Many People Can Watch Netflix At Once
Guides
black and gray computer motherboard
Megabit (Mb) vs. Megabyte (MB): What’s the Difference?
Guides
white and black beats by dr dre headphones
Virtual Reality Modeling Language
Guides
a close up of a cell phone with buttons
How to Turn On the Flash for Your iPhone Camera
Mobile
a cell phone with a green icon on it
How to Stop Android’s Speech-to-Text From Blocking Swear Words
Guides Mobile
a man wearing a helmet and holding a pair of gloves
What Is AR Zone Application
Guides
banner banner
Cyberessentials.org
Discover the latest in technology: expert PC & hardware guides, mobile innovations, AI breakthroughs, and security best practices. Join our community of tech enthusiasts today!

You Might also Like

city skyline during night time
Security

Top 20 Cybersecurity Companies in Ireland

Cyberessentials.org
27 Min Read
white and brown city buildings during daytime
Security

Popular Cities for Cybersecurity Jobs in 2025

Cyberessentials.org
26 Min Read
black and silver laptop computer
Security

20 Free Cybersecurity Summer Programs for High Schoolers in 2025

Cyberessentials.org
23 Min Read
matrix cybersecurity
Security

The Matrix of All Current Cybersecurity Issues

Cyberessentials.org
29 Min Read
flat screen monitor turned-on
Security

How Do Macros Pose a Cybersecurity Risk: A Simple Explanation

Cyberessentials.org
24 Min Read
man and woman sitting on table
Security

Exploring Cybersecurity Volunteer Opportunities

Cyberessentials.org
29 Min Read
Cal Poly Pomona
Security

Cal Poly Pomona Cybersecurity Club: Your Gateway to Digital Defense

Cyberessentials.org
25 Min Read
man standing in front of people sitting beside table with laptop computers
Security

Understanding the Cybersecurity Solutions Buying Committee

Cyberessentials.org
35 Min Read
people sitting on chair in front of table while holding pens during daytime
Security

Do Job Recruiters Actually Verify Cybersecurity Certifications?

Cyberessentials.org
25 Min Read
//

Discover the latest in technology: expert PC & hardware guides, mobile innovations, AI breakthroughs, and security best practices. Join our community of tech enthusiasts today!

Support

  • PRIVACY POLICY
  • TERMS OF USE
  • OUR SITE MAP
  • CONTACT US
Cyberessentials Technology MagazineCyberessentials Technology Magazine
Follow US
© 2025 Cyberessentials.org. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?