IPStorm (InterPlanetary Storm) is the name given earlier to a Golang malware targeting Windows. Recently, new Linux variants of IPStorm were discovered targeting various Linux architectures (ARM, AMD64, Intel 80386) and platforms (servers, Android, IoT). A macOS variant has also been detected. IPStorm is a botnet that abuses a legitimate peer-to-peer (P2P) network, the InterPlanetary File System (IPFS), to obscure malicious traffic. The malware was found to eventually allow attackers to execute arbitrary PowerShell commands on the victim's machine.
The Linux variant has additional features over the documented Windows version: it uses SSH brute-force to spread to additional victims, and it generates fraudulent network activity that abuses Steam gaming and advertising platforms. Some features of the Linux variant have also been adjusted to account for the fundamental differences between Linux and Windows.
Block the threat indicators at their respective controls.