Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

New Bashlite malware wants your Belkin WeMo smart plugs for cryptocurrency mining

The age of smart devices might bring convenience to our homes, but it also comes with additional potential dangers, including the risk of devices being infected by malware. Trend Micro has discovered a new version of the Bashlite malware, which is specifically designed to attack Belkin Wemo smart devices.

Launched in 2014, Bashlite was developed to infect Linux machines, adding them to a botnet that can be used to launch distributed denial-of-service (DDoS) attacks to bring down targeted systems.

Read more: Best security camera

Thanks to the prevalence of Linux in internet of things (IoT) devices, including many smart home products, Bashlite has found these products to be its home more so than infecting Linux computers.

According to the Trend Micro blog, the latest version of Bashlite adds some new capabilities, including new DDoS commands, and new ones that give the malware cryptocurrency mining capabilities − something that may prove valuable to criminals, given the recent rise in price of Bitcoin.

Interestingly, the new Bashlite variant has been designed to infect Belkin WeMo devices, such as the excellent Wemo Insight Switch − that’s one of our top choices on our best smart plugs list.

Interestingly, the new version of Bashlite has been developed to use a publicly-available Metasploit module, designed to be used with the Metasploit security testing tool to test defences.

How bad is the problem? Well, not that bad. Although Trend Micro has seen the new malware in the wild, the issue shouldn’t be too bad for most consumers. According to an official statement from Belkin, “Belkin is committed to product and customer security. The vulnerability described in this article was detected and remediated in 2015 for all affected devices.”

The advice is to make sure that all of your WeMo devices are up-to-date and running the latest firmware. That advice goes for all of your connected devices, as new firmware doesn’t just bring new features, it also protects against known vulnerabilities and can keep your devices safe.

Read more: 4 ways the smart home needs to improve

Bashlite isn’t the only known malware to infect IoT devices, with the well-known Mirai botnet causing trouble back in 2016. With more and more smart devices, better protection is required, including adding security at the gateway, something that F-Secure has with its Sense router and Netgear is doing by adding the Bitdefender-powered Armor to its Orbi mesh system and high-end routers.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.