MalwareMay 28, 2026

#TuxBot v3 Evolution: IoT malware/C2 framework tied to AISURU/Keksec. Self-ID "Akiru." 30-plus ex...

TuxBot v3 IoT malware framework linked to AISURU/Keksec targets 30+ exploits with encrypted C2

Summary

TuxBot v3, an evolved IoT malware and command-and-control framework attributed to threat groups AISURU and Keksec, has been discovered with self-identification as "Akiru." The malware targets over 30 known exploits, incorporates 1,496 credential pairs, uses encrypted C2 communications, and employs domain generation algorithms (DGA) for resilience. Analysis reveals developers leveraged LLMs to port exploits and generate code, leaving detectable artifacts in compiled binaries.

Indicators of Compromise

malware — TuxBot v3
malware — Akiru

Entities

AISURU (threat_actor)Keksec (threat_actor)TuxBot v3 (campaign)Domain Generation Algorithm (DGA) (technology)LLM (Large Language Model) (technology)