Torii botnet targeting IoT devices | TechRadar
The new IoT malware strain/botnet, that the firm has codenamed Torii, has spread over poorly secured telnet services with the attack stemming from Tor exit nodes.
According to Avast, the infection chain begins with a telnet attack on the weak credentials of targeted devices followed by the execution of an initial shell script. The script tries to discover the architecture of the targeted device and once this is complete it attempts to download the appropriate payload for the devices (binary files in the EFL format).