2 min Security

Mirai variant Murdoc_Botnet targets cameras and routers

Mirai variant Murdoc_Botnet targets cameras and routers

A new variant of the infamous Mirai malware has been discovered. Murdoc_Botnet targets AVTech cameras and Huawei routers, raising concerns about the security of IoT devices.

Researchers at Qualys discovered this. What distinguishes Murdoc_Botnet from previous Mirai variants is its focus on specific hardware. The malware exploits known vulnerabilities in AVTech cameras and certain models of Huawei routers. This targeted nature makes the threat serious for organizations that have these devices.

Murdoc_Botnet uses ELF files and shell script to get onto the devices. The scripts exploit two CVE vulnerabilities to deploy malware payloads and establish connections to command-and-control servers. To do this, the cybercriminals have more than 100 servers that perform malware management. For example, the servers communicate with infected cameras and routers to orchestrate payload execution.

Recommendations

Users of AVTech cameras and Huawei routers are recommended to perform firmware updates and implement strong, unique passwords. They are also recommended to apply network segmentation and isolate IoT devices from critical systems.

Variants of the Mirai botnet pop up regularly. Last summer, for example, we saw other IP cameras from AVTech being abused. Due to a vulnerability, cybercriminals managed to use the cameras to set up botnets.

Tip: Outdated ip camera spreads Mirai malware