Avast analysts have reported that the Hide’N Seek robot network continues to grow by infecting vulnerable connected devices that still use default passwords. This botnet has two main features. The first is the use of a scanner borrowed from Mirai’s source code to access random IP addresses of IoT devices and abuse well-known exploits. If this does not work, the scanner tries to brute force a connected device using a list of hard-coded default passwords. For its second feature, the IoT botnet uses a peer-to-peer (P2P) protocol to share information about new binaries and extract files from an infected device. Bitdefender researchers were the first to spot the Hide’N Seek botnet in January 2018. The evolution of the botnet is extremely worrying given the overall increase in IoT-related threats. During the first half of 2018, Kaspersky Lab detected 121,588 samples of IoT malware, three times more than in 2017.