Mirai Variants Still Threatening IoT Devices By Adding New Exploits In Comtrend Routers

Another new variant

• In July, a new variant of Mirai (detected as IoT.Linux.MIRAI.VWISI) was identified, spreading via Telnet and Secure Shell (SSH) brute-forcing methods, like all other Mirai variants. 
• One of the vulnerabilities exploited by it is CVE-2020-10173, a multiple authenticated command injection vulnerability in Comtrend VR-3033 routers, that is reportedly used for the first time by any Mirai variant. Another new vulnerability exploited affects the Netlink GPON router 1.0.11.
• Besides, it also exploits vulnerabilities in other popular brands including AVTECH IP Camera / NVR / DVR Devices, D-Link Devices, MVPower DVR, Symantec Web Gateway, and ThinkPHP.

Other recent Mirai variants

• In May, new campaigns of the Hoaxcalls and Mirai botnets observed targeting a post-authentication Remote Code Execution vulnerability in Symantec Secure Web Gateway 5.0.2.8.
• In March, another variant of Mirai malware dubbed Mukashi was seen taking advantage of a vulnerability (CVE-2020-9054) in Zyxel NAS devices to take control of them and add them to the botnet.
• In February, two new variants of Mirai, dubbed SORA and UNSTABLE, were identified, that were abusing a vulnerability (CVE-2020-6756) in the Rasilient video surveillance storage device.

What makes Mirai invincible?

Can it be stopped?