Specific Safety reported that hackers managed to infect with malware some IoT devices that still run Windows 7 and were designed by three of the largest manufacturers in the world.

The discovery was made by TrapX researchers, who believe it may be a “supply chain attack”.

According to the data, the infection took place a few months ago, in October 2019. The hackers infected the IoT devices with cryptocurrency-mining malware. Affected IoT devices include automated guided vehicles (AGVs, robots), a printer and a smart TV.

“The sample of malware analyzed by TrapX® is part of the Lemon_Duck family that runs on double-click or through persistence mechanisms,” TrapX researchers said. “Initially, the malicious program swept the network for possible targets, especially those open to the SMB (445) or MSSQL (1433) service. Once a potential target was identified, the cryptocurrency miner began its work.”
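The sweep described in the quote above leaves a recognisable trace in network flow logs: one internal host contacting many distinct peers on ports 445 and 1433 in a short time. The following detection sketch is an added example, not code from TrapX or the original report; the flow-record format, the 60-second window, the five-host threshold and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SWEEP_PORTS = {445, 1433}        # SMB and MSSQL, the ports named in the quote
WINDOW = timedelta(seconds=60)   # assumed look-back window
MIN_TARGETS = 5                  # assumed distinct-destination threshold

# Constructed sample flow records (not real data): "time,src,dst,dst_port"
SAMPLE_FLOWS = """\
2020-01-01T09:00:00,10.0.5.30,10.0.5.2,445
2020-01-01T09:00:01,10.0.5.21,10.0.5.10,445
2020-01-01T09:00:02,10.0.5.21,10.0.5.11,445
2020-01-01T09:00:03,10.0.5.21,10.0.5.12,1433
2020-01-01T09:00:04,10.0.5.21,10.0.5.13,445
2020-01-01T09:00:06,10.0.5.21,10.0.5.14,1433
2020-01-01T09:00:07,10.0.5.21,10.0.5.15,443
2020-01-01T09:02:00,10.0.5.40,10.0.5.10,445
2020-01-01T09:05:00,10.0.5.40,10.0.5.11,445
2020-01-01T09:08:00,10.0.5.40,10.0.5.12,445
2020-01-01T09:11:00,10.0.5.40,10.0.5.13,445
2020-01-01T09:14:00,10.0.5.40,10.0.5.14,445
"""

def parse_flows(text):
    """Yield (time, src, dst, port) tuples from the constructed CSV format."""
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split(",")
        yield datetime.fromisoformat(ts), src, dst, int(port)

def find_sweepers(flows, window=WINDOW, min_targets=MIN_TARGETS):
    """Map each sweeping source to the time it first crossed the threshold."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs inside the window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if port not in SWEEP_PORTS:
            continue
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:   # drop connections older than window
            seen.popleft()
        if src not in alerts and len({d for _, d in seen}) >= min_targets:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, ts in find_sweepers(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{ts.isoformat()} {src} swept {MIN_TARGETS}+ hosts on 445/1433")
```

With the constructed data, only the fast sweeper is flagged; the client that keeps talking to one file server and the host that spreads its connections over twelve minutes stay below the threshold unless the window is widened.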

According to experts, the attacks on the three manufacturers’ IoT devices are probably part of the same hacking campaign. The attackers infected at least 50 companies’ sites in the Middle East, North America, and Latin America.

The attackers used a downloader that executes malicious scripts related to the cryptocurrency miner Lemon_Duck. Researchers say this malware is spreading very fast, which is why it is considered “extremely dangerous”.


“Once again, the entry point was an IoT device running Windows 7. The attacks confused the production process, destroying AGV robots. The malware has spread quite quickly,” the researchers said. “TrapX software provided a timely detection of cryptocurrency malware and allowed the security team to immediately disconnect infected AGVs from the network.” AGV robots are IoT technology and are commonly used to transport materials to factories.

Windows 7 ceased to be supported by Microsoft about a month ago. However, many users around the world continue to use it, leaving their devices vulnerable. Cybercriminals are aware of this and are looking for vulnerable IoT and other systems to attack.

Experts have found many automated vehicles (AGVs) running Windows 7 to be infected with the cryptocurrency miner.

Also, the cryptocurrency miner was found in HP’s DesignJet SD Pro printer, which has been used to print designs that contain sensitive data related to the target’s production process. The hackers infected the device and gained access to the target network.

Finally, the malware was installed on a smart TV with a built-in PC that also ran Windows 7.

TrapX experts suspect it was a supply chain attack and that malware was first installed on vulnerable devices and then affected the manufacturers’ sites.

More details on the contamination of IoT devices can be found in the report published by TrapX.
