Tsunami

Tsunami, identified in April, is an IoT botnet that targets an unpatched remote code execution vulnerability in digital video recorder devices. Researchers say Tsunami is the first Linux malware to adopt virtual machine evasion techniques in order to defeat malware analysis sandboxes.

The vulnerability, which was publicly disclosed in 2016, is on DVR devices made by TVT Digital. Tsunami exploits this remote code execution vulnerability by scanning for and attacking vulnerable systems, then gaining full control of the device to launch broad DDoS attacks. Researchers say Tsunami has not yet been used to mount a large-scale attack.