Security researchers from Trend Micro have uncovered a new version of the Mirai Internet of Things (IoT) botnet, which includes an exploit for the CVE-2020-10173 vulnerability affecting Comtrend routers.
The Mirai botnet was discovered in 2016, and in October of the same year its source code was leaked online. Since then, numerous distributed denial of service (DDoS) botnets have been built using Mirai source code, with several of them emerging over the past months alone, including SORA, UNSTABLE, and Mukashi.
The researchers said that the new Mirai variant is the first botnet version to incorporate an exploit for CVE-2020-10173, an authenticated command injection vulnerability in Comtrend VR-3033 routers. The flaw allows a remote attacker to compromise the network managed by the router.
This vulnerability is exploited alongside nine other security flaws affecting routers, IP cameras, and other IoT devices.
“The vulnerabilities used by this Mirai variant consist of a combination of old and new that help cast a wide net encompassing different types of connected devices. The nine vulnerabilities used in this campaign affect specific versions of IP cameras, smart TVs, and routers, among others,” Trend Micro said.
The discovered Mirai variant also includes an exploit for a relatively recent bug in Netlink GPON routers that was also reportedly exploited by the Hoaxcalls botnet.
Aside from the flaws mentioned above, this variant relies mostly on older vulnerabilities, including flaws in AVTECH IP Camera / NVR / DVR devices, D-Link devices, MVPower DVRs, Symantec Web Gateway, and ThinkPHP.
“The use of CVE-2020-10173 in this variant’s code shows how botnet developers continue to expand their arsenal to infect as many targets as possible and take advantage of the opening afforded by unpatched devices. Newly discovered vulnerabilities, in particular, offer better chances for cybercriminals. Users, not knowing that a vulnerability even exists, might be unable to patch the device before it is too late,” the researchers concluded.