Ubiquiti just published their tool to remove the malware that has been attacking UBNT devices in recent days. Unfortunately, this tool is interactive and therefore not well suited to batch removal of this malware.

This repository contains scripts that automate removal of that malware using the tool provided by Ubiquiti.

It consists of two scripts: one scans a given subnet, and the other is an expect script that feeds input into the Ubiquiti-provided CureMalware.jar. Scanning relies on the fact that this malware is known to change the username to mother and the password to fucker. The script tries to connect to every host that has SSH open, using that username and password.

expect, sshpass, java and nmap are needed to use these scripts. You also need to download the UBNT tool CureMalware-0.7.jar (from http://www.ubnt.com/downloads/XN-fw-internal/tools/CureMalware-0.7.jar) into the working directory.
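
The scanning step described above can be sketched as follows. This is an added example, not the repository's remove_malware.sh: the function names and the sample nmap output are constructed for illustration, and it assumes nmap's grepable output (`-oG`) as the input format.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from remove_malware.sh.

# Constructed nmap grepable (-oG) output standing in for a real scan.
sample_gnmap() {
    printf 'Host: 192.168.1.20 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.20 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n'
    printf 'Host: 192.168.1.21 ()\tPorts: 22/closed/tcp//ssh///\n'
    printf 'Host: 192.168.1.23 ()\tPorts: 2222/open/tcp/////, 22/open/tcp//ssh///\n'
}

# Print each address whose Ports field lists 22/tcp as open.
ssh_hosts_from_gnmap() {
    awk -F'\t' '/^Host: / {
        split($1, h, " ")                      # h[2] is the address
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            n = split(substr($i, 8), ports, ", ")
            for (j = 1; j <= n; j++) {
                split(ports[j], f, "/")
                if (f[1] == "22" && f[2] == "open" && f[3] == "tcp") { print h[2]; break }
            }
        }
    }'
}

# Exit 0 only if the host accepts the account this README names as the indicator.
# ssh -n keeps ssh from consuming the host list on the calling loop's stdin.
has_malware_account() {
    sshpass -p fucker ssh -n -o ConnectTimeout=5 \
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
        -o PubkeyAuthentication=no -o PreferredAuthentications=password \
        mother@"$1" true >/dev/null 2>&1
}

# Scan the given subnet and list the hosts that show the indicator.
scan_subnet() {
    nmap -n -p 22 --open -oG - "$1" | ssh_hosts_from_gnmap |
    while read -r host; do
        if has_malware_account "$host"; then echo "$host infected"; fi
    done
}
```

Running `sample_gnmap | ssh_hosts_from_gnmap` exercises the parser offline; `scan_subnet 192.168.1.0/24` needs nmap and sshpass installed.
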
## Usage:

    ./remove_malware.sh <subnet>

The subnet should be given in nmap format, for example 192.168.1.0/24.
## Disclaimer

Use at your own risk. I'm not affiliated with Ubiquiti.