BrickerBot was malware that attempted to permanently destroy ("brick") insecure Internet of Things devices. BrickerBot logged into poorly-secured devices and ran harmful commands to disable them. It was first discovered by Radware after it attacked their honeypot in April 2017. On December 10, 2017, BrickerBot was retired.
The most infected devices were in Argentina, followed by North America and Europe, and Asia (including India).[1]
The BrickerBot family of malware was first discovered by Radware on April 20, 2017, when BrickerBot attacked their honeypot 1,895 times over four days. BrickerBot's method of attack was to brute-force the telnet password, then run commands using BusyBox to corrupt MMC and MTD storage, delete all files, and disconnect the device from the Internet. Less than an hour after the initial attack, bots began sending a slightly different set of malicious commands, indicating a new version, BrickerBot.2. BrickerBot.2 used the Tor network to hide its location, did not rely on the presence of BusyBox on the target, and was able to corrupt more types of storage devices.[2]
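As an added example (not part of the original article or of Radware's analysis), the following Python flags honeypot telnet sessions that show the behaviours described above: a run of failed logins before a success, followed by writes to MTD or MMC device nodes, a recursive delete of the root filesystem, or removal of network connectivity. The log format, the regex patterns, the failure threshold and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Heuristic patterns for the three behaviours the article names. They are
# assumptions made for this example, not signatures from Radware's report.
RULES = {
    # a redirect or dd-style "of=" whose target is an MTD or MMC device node
    "storage_corruption": re.compile(r"(?:>\s*|\bof=)/dev/(?:mtd|mmcblk)\w*"),
    # recursive, forced delete rooted at /
    "mass_delete": re.compile(r"\brm\s+-(?=\w*r)(?=\w*f)\w+\s+/(?:\*|\s|$)"),
    # dropping the default route or taking an interface down
    "network_disconnect": re.compile(
        r"\broute\s+del\s+default\b|\bip\s+route\s+(?:del|flush)\b"
        r"|\bifconfig\s+\w+\s+down\b"),
}
BRUTE_FORCE_FAILS = 5  # assumed threshold: failed logins before a success

# Constructed honeypot log, "<source> <EVENT> <detail>" (hypothetical format).
SAMPLE_LOG = (
    "198.51.100.7 LOGIN_FAIL root\n" * 5 +
    "198.51.100.7 LOGIN_OK root\n"
    "198.51.100.7 CMD busybox dd if=/dev/zero of=/dev/mtdblock0\n"
    "198.51.100.7 CMD busybox rm -rf /*\n"
    "198.51.100.7 CMD busybox route del default\n"
    "203.0.113.9 LOGIN_OK admin\n"
    "203.0.113.9 CMD cat /proc/mtd\n"
    "203.0.113.9 CMD rm -f /tmp/x\n" +
    "192.0.2.44 LOGIN_FAIL admin\n" * 6 +
    "192.0.2.44 LOGIN_OK admin\n"
    "192.0.2.44 CMD dd if=/dev/zero of=/dev/mmcblk0\n"
)

def analyse(log_text):
    """Map each source to its brute-force flag, behaviours and overall verdict."""
    fails = defaultdict(int)
    seen = defaultdict(lambda: {"brute_force": False, "behaviours": set()})
    for line in log_text.splitlines():
        # pad so blank or short lines unpack cleanly and match no branch
        src, event, detail = (line.split(None, 2) + ["", "", ""])[:3]
        if event == "LOGIN_FAIL":
            fails[src] += 1
        elif event == "LOGIN_OK" and fails[src] >= BRUTE_FORCE_FAILS:
            seen[src]["brute_force"] = True
        elif event == "CMD":
            # search() ignores any "busybox " prefix, so both styles are matched
            seen[src]["behaviours"].update(
                name for name, rx in RULES.items() if rx.search(detail))
    return {src: {"brute_force": s["brute_force"],
                  "behaviours": sorted(s["behaviours"]),
                  "bricking": s["brute_force"] and "storage_corruption" in s["behaviours"]}
            for src, s in seen.items()}
```

Reading `/proc/mtd` or deleting a single temporary file is not flagged, and the third source is caught even though its command has no `busybox` prefix.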
BrickerBot.3 was detected on May 20, 2017, one month after the initial discovery of BrickerBot.1. On the same day, one device was identified as a BrickerBot.4 bot. No other instances of BrickerBot.4 have been seen since.[3]
According to Janit0r, the author of BrickerBot, it destroyed more than ten million devices before Janit0r announced the retirement of BrickerBot on December 10, 2017.[4] In an interview with Bleeping Computer, Janit0r stated that BrickerBot was intended to prevent devices from being infected by Mirai.[5][6] US-CERT released an alert regarding BrickerBot on April 12, 2017.[7]