The Bashlight IoT malware has been updated with cryptomining and backdoor commands targeting WeMo devices.The malware initially gained notoriety for its use in large scale DDoS attacks in 2014 but has recently switched over to infecting IoT devices and has even been known to exploit Shellshock to gain a foothold into vulnerable devices.
Bashlight only needs to check if the device is enabled with the WeMo UPnP API to target the device and doesn’t need to have a predetermined list of targets.
Source: SC Magazine