23 November 2023

Mirai-based botnet targets routers and video recorders via zero-day flaws


A new Mirai-based malware named 'InfectedSlurs' is exploiting two remote code execution zero-day vulnerabilities to ensnare routers and network video recorder (NVR) devices into a distributed denial-of-service (DDoS) botnet.

The new campaign was discovered by Akamai researchers, who are keeping the technical details of the two zero-days under wraps until vendors release security patches sometime in December 2023. Akamai also withheld information on affected brands and models.

The attacks were first spotted against Akamai’s honeypots in late October 2023.

“The payload targets routers and network video recorder (NVR) devices with default admin credentials and installs Mirai variants when successful,” the company said.

The InfectedSlurs botnet primarily uses the older JenX Mirai malware variant discovered in January 2018. The researchers said they also identified additional malware linked to hailBot, a variant developed from the Mirai source code.

“While JenX primarily contained the filename of "jkxl", the assumed hailBot file names included the string "skid". Additionally, one of the unique identifiers for hailBot is the console string "hail china mainland" that is printed upon successful compromise of a system,” Akamai said.

The researchers said they found mentions of some of the command-and-control infrastructure in a now-deleted Telegram account in a DDoS marketplace channel, DStatCC.

Akamai has shared Snort and YARA rules along with Indicators of Compromise to help defenders identify exploit attempts and possible infections in their environments.
