Remaiten

Remaiten is malware which infects Linux on embedded systems by brute forcing using frequently used default username and passwords combinations from a list in order to infect a system.

Remaiten combines the features of the Tsunami and LizardStresser (aka Torlus) malware families. The command and control for Remaiten are handled by IRC communications. Additionally the command and control is done by an actual IRC channel rather than only the IRC protocol. This is an improvement over bots such as Tsunami and Torlus making Remaiten a greater threat than both combined.

To avoid detection, Remaiten tries to determine the platform of a device to download the architecture-appropriate component from the command & control server.

Once Remaiten infects a device it is able to perform actions such as launching distributed denial of service attacks or download more malware on a device. Remaiten is able to scan and remove competing bots on a system compromised by it.