[SingCERT] Alert on New Silex Malware on IoT Devices

Published on 27 Jun 2019

Updated on 07 Jan 2020


A new Internet of Things (IoT) malware, dubbed Silex, is affecting IoT devices such as routers and IP cameras with telnet (port 23) service running on its Internet-facing interface.

The malware attempts to gain access to IoT devices by using default and widely-used telnet credentials, and corrupts the device by filling its storage, removing its firewall and network configurations, and halting the device, thus rendering it unusable.

Affected Systems

IoT devices with:

  • Busybox running
  • Telnet listening on port 23
  • Factory default credentials

A corrupted device is unusable until its firmware is reinstalled.


Systems administrators are advised to change the IoT factory default credentials; and to use a long and random password/passphrase which comprises a mix of uppercase and lowercase letters, numbers, and symbols.

Systems administrators are advised to close the telnet on the Internet-facing network interface.