Abstract
During the past decade, the Internet of Things (IoT) has paved the way for the ongoing digitization of society in unique ways. Its penetration into enterprise and day-to-day lives improved the supply chain in numerous ways. Unfortunately, the profuse diversity of IoT devices has become an attractive target for malware authors who take advantage of its vulnerabilities. Accordingly, enhancing the security of IoT devices has become the primary objective of industrialists and researchers. However, most present studies lack a deep understanding of IoT malware and its various aspects. As understanding IoT malware is the preliminary base of research, in this work, we present an IoT malware taxonomy with 100 attributes based on the IoT malware categories, attack types, attack surfaces, malware distribution architecture, victim devices, victim device architecture, IoT malware characteristics, access mechanisms, programming languages, and protocols. In addition, we have mapped these categories into 77 IoT Malwares identified between 2008 and 2022. Furthermore, To provide insight into the challenges in IoT malware research for future researchers, our study also reviews the existing IoT malware detection works.