By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Cyberessentials Technology MagazineCyberessentials Technology MagazineCyberessentials Technology Magazine
  • Tech news
  • PC & Hardware
  • Mobile
  • Software
  • Gadget
  • Security
  • AI
  • Gaming
  • Marketing
  • WWW
Search
  • Contact
  • Blog
  • Complaint
  • Advertise
© 2025 Cyberessentials.org. All Rights Reserved.
Reading: New PumaBot botnet attacks Linux IoT devices with stealthy SSH brute-force tactics
Share
Notification Show More
Font ResizerAa
Cyberessentials Technology MagazineCyberessentials Technology Magazine
Font ResizerAa
  • Gadget
  • Technology
  • Mobile
Search
  • Tech news
  • PC & Hardware
  • Mobile
  • Software
  • Gadget
  • Security
  • AI
  • Gaming
  • Marketing
  • WWW
Follow US
  • Contact
  • Blog
  • Complaint
  • Advertise
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Security

New PumaBot botnet attacks Linux IoT devices with stealthy SSH brute-force tactics

Last updated: June 6, 2025 3:55 pm
Cyberessentials.org
Share
SHARE

A new botnet named PumaBot is quietly taking over Linux-based IoT devices worldwide. Unlike other botnets, it doesn’t randomly attack the internet. Instead, it uses precise tactics to breach security cameras, routers, and smart gadgets. Here’s what you need to know.

Contents
What makes PumaBot different?How PumaBot sneaks into devicesWhat happens after infection?Why your old security camera is at riskHow to protect your devices

What makes PumaBot different?

Most botnets send login attempts to random IP addresses. PumaBot, on the other hand, is smarter. It gets its target lists from its command center (ssh.ddos-cc[.]org), then attacks those devices with SSH password guesses. It’s like a burglar targeting houses with known weak locks.

“This isn’t some kid in a basement randomly attacking devices,” says a cybersecurity analyst. “PumaBot operators are professionals using military-style reconnaissance.”

How PumaBot sneaks into devices

The attack unfolds in three steps:

Step 1: The fake ID check
Before attacking, PumaBot checks if a device is real. It looks for the string “Pumatronix” – a known maker of traffic cameras. This suggests attackers target specific gear or avoid decoy systems.

Step 2: The camouflage
Once inside, PumaBot disguises itself as Redis database software. It hides in /lib/redis and creates fake system services named redis.service or mysqI.service (with a capital I to trick admins).

Step 3: The backdoor
The botnet plants its own SSH key in the authorized_keys file. Even if you delete the malware, this secret key lets attackers waltz back in anytime.

What happens after infection?

Compromised devices become crypto-mining slaves and data thieves. Darktrace researchers found PumaBot:

• Runs XMRig software to mine Monero cryptocurrency
• Installs rootkits that steal login credentials
• Uses networkxm tool for more SSH attacks
• Exfiltrates stolen data through Chinese domains like lusyn[.]xyz

The most disturbing component? A malicious pam_unix.so file that intercepts every successful login. Stolen passwords get saved to /usr/bin/con.txt before being sent to attackers.

Why your old security camera is at risk

PumaBot targets two common IoT weaknesses:

1. Default passwords: Many devices never change factory-set logins like admin/admin
2. Outdated software: Manufacturers often stop updating devices after 2-3 years

“Your grandma’s internet-connected thermostat could be mining crypto right now,” jokes a reddit user discussing the botnet. The scary truth? They’re not entirely wrong.

How to protect your devices

Cybersecurity experts recommend four key steps:

1. Change default passwords: Make new credentials at least 12 characters with mixed symbols
2. Block SSH from the internet: Use VPNs for remote access instead of open ports
3. Hunt for fake services: Check /etc/systemd/system for suspicious entries
4. Monitor SSH logs: Look for repeated failed login attempts from strange locations

As PumaBot continues evolving, one thing’s clear: IoT security can’t be an afterthought anymore. Your smart fridge might just be the weakest link in your digital life.

100 Inspirational Cybersecurity Quotes to Understand the Digital World
Information Security vs Cyber Security: A Clear Explanation
Cybersecurity in Auto Insurance: Protecting Your Data in a Digital World
Cyber Security Engineer Job Description: The Ultimate Guide
Top 20 Cybersecurity Domains: A Detailed Guide
Share This Article
Facebook Copy Link Print
Share
Previous Article Vpn software logo What is a VPN? VPN meaning
Next Article ethical hacker working in cybersecurity in front of computers 10 Most Popular Cybersecurity Certifications That Will Boost Your Career in 2025
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest News

person using black and red Acer laptop computer on table
The 10 Best Cybersecurity Bootcamps of 2025
Security
degree
Why You Should Choose UMGC for a Cybersecurity Degree
Security
cybersecurity conference
Cybersecurity Conferences 2025: Your Ultimate Guide
Security
person using black laptop computer
Cybersecurity as a Service: Your Ultimate Guide
Security
password leak
Massive Password Leak: 16 Billion Credentials Exposed!
Security
coding
Does Cybersecurity Require Coding?
Security
FDA Cybersecurity Guidance
Navigating the World of FDA Cybersecurity Guidance: A Simple Guide
Security
TTP in Cybersecurity
Understanding TTP in Cybersecurity: The Hacker’s Playbook
Security
banner banner
Cyberessentials.org
Discover the latest in technology: expert PC & hardware guides, mobile innovations, AI breakthroughs, and security best practices. Join our community of tech enthusiasts today!

You Might also Like

closeup photo of eyeglasses
Security

Big Data and the Ethics of Cybersecurity

Cyberessentials.org
17 Min Read
purple and pink light illustration
Security

Common Port Numbers In Cybersecurity: A Simple Guide

Cyberessentials.org
16 Min Read
proofpoint
SecurityTechnology

A Deep Dive into UniFi CyberSecure by Proofpoint

Cyberessentials.org
15 Min Read
person holding iPhone
Security

The Junction Between Cybersecurity and Social Psychology

Cyberessentials.org
20 Min Read
person using laptop computers
Security

The Gray Maze: A Deep Dive into Justin Shafer, Cybersecurity, and Its Hard Lessons

Cyberessentials.org
15 Min Read
cybersecurity company
Security

A Guide to the Best Cybersecurity Companies

Cyberessentials.org
11 Min Read
donald trump
Security

Digital Fortresses: What Happened to Cybersecurity Money in the Trump Era?

Cyberessentials.org
13 Min Read
pretexting
Security

What is Pretexting in Cyber Security: A Complete Guide

Cyberessentials.org
27 Min Read
person using black laptop computer
Security

Can You Make Millions in Cyber Security? The Complete Guide to Building Wealth in Digital Protection

Cyberessentials.org
16 Min Read
//

Discover the latest in technology: expert PC & hardware guides, mobile innovations, AI breakthroughs, and security best practices. Join our community of tech enthusiasts today!

Support

  • PRIVACY NOTICE
  • YOUR PRIVACY RIGHTS
  • INTEREST-BASE ADSNew
  • TERMS OF USE
  • OUR SITE MAP

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

[mc4wp_form id=”1616″]

Cyberessentials Technology MagazineCyberessentials Technology Magazine
Follow US
© 2025 Cyberessentials.org. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?