A listing of brands can be found here. Amnesia exploits this remote code execution vulnerability by scanning for, locating, and attacking vulnerable systems. Successful attacks result in Amnesia gaining full control of the device. Attackers could potentially harness the Amnesia botnet to launch broad DDoS attacks like the Mirai botnet attacks
Amnesia is believed to be the first Linux malware to adopt virtual machine evasion techniques to defeat malware analysis sandboxes more commonly associated with Microsoft Windows and Google Android malware.
Amnesia tries to detect whether it is running in a VirtualBox, VMware or QEMU based virtual machine. If it detects those environments it will wipe the virtualised Linux system. This affects not only Linux malware analysis sandboxes but also some QEMU based Linux servers on VPS or on the public cloud.
Palo Alto Networks adds that the malware reveals some interesting and notable trends of current IoT/Linux botnet threats:
- IoT/Linux malware has begun to adopt classic techniques to evade and even wipe virtual machines.
- IoT/Linux malware targets and attacks known remote code execution vulnerabilities in IoT devices. These are typically manufactured by smaller manufacturers and there may be no patch available so network security is the only solution.
- IoT/Linux malware may also affect Linux servers deployed in VPS or in public cloud.