A new Mirai-Like IoT Botnet is growing in a new mysterious campaign

Haythem Elmir

Malware researchers at Check Point have uncovered a massive new IoT botnet that presents many similarities with the dreaded Mirai.

The new thing bot emerged at the end of September and appears much more sophisticated. According to the experts, the malware has already infected more than one million organizations worldwide.

The malicious code tries to exploit many known vulnerabilities in various IP camera models, including GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, and Synology.

The experts speculate that once the malware has compromised a device, it uses that device to spread itself.

While investigating the compromise of a GoAhead device, the experts noticed that the attackers had accessed the System.ini file. This file would normally contain the user's credentials, but on the compromised IoT device it contained a ‘Netcat’ command to open a reverse shell to the attacker’s IP.

The attackers exploited CVE-2017-8225 to hack into the IoT device. The experts verified that the botnet relies on compromised bots to spread the infection.
