IT Security Archives | EVOSEC.
As usual, it targets ARM-based devices and tries to download other files
(privntpd1, privsshd1, privopenssh1, privbash1, privtftp1, privwget1, etc.) via curl or
wget (whichever is available on the infected devices). As usual, we suspect this
loader is injected via unauthenticated telnet/hard-coded credentials —
although it ...