Skip to content
feed: live
>_ 0dayNews
threat intel
● Breaking

Unit 42: TuxBot v3 shipped LLM chain-of-thought in comments

Palo Alto Unit 42 documents TuxBot v3, an IoT botnet whose developer left an AI safety disclaimer and raw reasoning traces in the shipped binary.

Unit 42: TuxBot v3 shipped LLM chain-of-thought in comments
Image: 0dayNews / 0dayNews Editorial · All rights reserved
airgap airgap · Published · 3 min read

Confirmed: Palo Alto Networks Unit 42 disclosed TuxBot v3 Evolution today, July 15, 2026 — a previously unreported IoT botnet framework. Sample was already on VirusTotal on January 20, 2026, per Unit 42; the framework has been in the wild for at least six months before public disclosure. Confidence on the disclosure, the VirusTotal timestamp, and the framework’s existence: high, as reported.

Full Unit 42 writeup: TuxBot v3 Evolution. The Hacker News summary: TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development.

What Unit 42 reports

Distribution: brute-force Telnet against a 1,496-pair credential list, plus prepackaged exploit code for 30+ IoT device families using known, previously disclosed vulnerabilities. Unit 42 does not enumerate specific CVE IDs in the public summary. Confidence: as-reported.

Architectures: ARM, MIPS, MIPSEL, MIPS64, x86_64, PowerPC, RISC-V. That is the standard IoT malware target set.

Command and control on the primary channel:

  • TCP 1999 / 31337 — encrypted command dispatch.
  • TCP 2222 — SSH interactive shell for operators.
  • TCP 9999 — JSON interface for programmatic access.

Fallback channels: SHA512 domain-generation algorithm, Ed25519-signed P2P gossip, IRC, DNS TXT queries, HTTP polling. Five fallbacks in one framework. None of these is novel individually; the stacking is what makes a takedown awkward. Confidence on the port layout and the fallback list: as-reported.

Lineage per Unit 42: Mirai, AISURU, Wuhan botnets, plus partial code lifted from the MHDDoS Python DDoS toolkit. Not a clean-room build.

The LLM tell

Unit 42 flagged two artifacts that a competent developer would not have shipped:

“While the AI complied with their request to generate botnet code, it included a safety disclaimer that the developer failed to remove before shipping.”

And:

“Multiple files contain raw LLM chain-of-thought reasoning left verbatim in comments.”

Unit 42 also confirmed that several functions in the analyzed samples failed to work correctly. Confidence on all three observations: high, as reported by Unit 42.

The tell is not that an LLM was used. The tell is that the developer ran the LLM output through no review, no compile-test, no removal of the safety string. Both symptoms come from the same habit.

What this is not

This is not an LLM being used to operate the botnet in real time — that story ran yesterday and Sunday around bandcampro, a separate Russian-speaking actor abusing the Gemini CLI as an agent. See our prior coverage: Trend Micro on bandcampro and Gemini CLI. TuxBot v3 is an LLM being used to write the code, and being used badly. Distinct category, distinct threat model. Do not conflate the two.

IOCs

Unit 42 published the following public indicator with the writeup. Confidence: as-reported.

  • SHA256 sample hash: 71dfbb171eca4ef9d02ff630b56e5283bbef7b375d4dbe9e8c9531bef312fa8d

What to do

Narrow, load-bearing items, in order:

  1. Feed the sample hash to EDR and network detection tooling. One hit on any host is worth pulling apart.
  2. Audit Telnet exposure. Any IoT device with TCP 23 or 2323 reachable from the public internet is a candidate for the 1,496-pair credential sweep. Not a hypothesis — a stated distribution method.
  3. Segment IoT VLANs off management networks. Standing advice restated because the 30+ exploit families this framework carries are all public and all patched upstream; the compromise path is unpatched IoT gear reachable from the flat corporate LAN, not a novel bug.
  4. Block outbound to the listed C2 ports at the edge where business use does not need them: 1999, 31337, 2222, 9999. DNS monitoring for high-entropy TXT-record traffic remains the harder catch.

Confidence on the above as defensive posture: high — they address the reported distribution and C2 layout. Confidence that this list is exhaustive: unconfirmed — treat accordingly.

Timeline

  • ~January 2025 (prior year) — development commences, per Unit 42’s estimate.
  • January 20, 2026 — a TuxBot v3 Evolution sample is uploaded to VirusTotal.
  • July 15, 2026 — Unit 42 publishes the analysis; The Hacker News covers it the same day.

We will update if Unit 42 or another vendor names an operator, a victim pool, or a specific IoT-vendor exploit chain.

Sources

Found this useful? Share it.