InterPlanetary Storm (IPStorm) is a botnet that was discovered last year targeting Windows systems. Around May 2019, the botnet included roughly 3,000 infected devices. Since then, it has grown to over four times that size at roughly 13,500 devices. According to reports from Bitdefender and Barracuda, new variants of the malware were recently released targeting Mac, Linux Android and IoT devices as well. To spread, IPStorm brute-forces SSH credentials and looks for Android devices exposed to the Internet with ADB (Android Debug Bridge) enabled. Although the botnet has been around for over a year now, its goal is still unclear to researchers. Even though IPStorm leaves a reverse shell on infected hosts, it hasn’t been observed being used.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in