Developing a secure information processing environment depends heavily on securing all the layers and devices in the environment. Edge/Fog computing environments are no exception, and their security depends heavily on securing Internet of Things (IoT) devices, which are the most vulnerable devices in the environment. The adoption of Edge/Fog computing paradigms by newly emerging technologies has stimulated malware development for IoT platforms. Recent attacks initiated by IoT malware show that these attacks have a tremendous impact on compromised systems in terms of Quality of Service because of the number of infected IoT devices. In light of these developments, there is an enormous need for efficient solutions. However, defense capabilities against these new malware types are highly constrained by the limited understanding of these emerging paradigms and the lack of access to malware samples. This study mainly focuses on IoT malware to understand the behavior of malware in the most vulnerable layer of Edge/Fog computing environments. Specifically, 64 IoT malware families are identified, from 2008, when the first known IoT malware emerged, to October 2022. These malware families are systematically characterized by various aspects, including target architecture, target device, delivery methods, attack vectors, persistence techniques, and their evolution from existing malware. During this characterization process, two different investigation frameworks, 'Cyber Kill Chain' and 'MITRE ATT&CK for ICS,' have been adopted in the different investigation layers. This paper aims to inform future research with the presented features of the IoT malware.