A brand new Mirai variant has been spotted to exploit nine vulnerabilities.
What’s going on?
- The new variant has been designed to exploit flaws in routers, DVRs, IP cameras, and products from vendors, such as AVTech, Symantec, Comtrend, MV Power, and D-Link.
- Among the nine vulnerabilities, one is an remote code execution (RCE) flaw in a Comtrend router model, tracked as CVE-2020-10173.
- Another flaw spotted is an RCE issue in Netlink GPON Router 1.0.11 that has already been exploited by a Bashlite strain.
- The new variant uses Telnet and Secure Shell (SSH) brute-forcing techniques to gain control of vulnerable devices.
- And it uses XOR encryption to hide credentials used to attack the targeted systems.
Other vulnerabilities exploited
- AVTECH IP Camera / NVR / DVR Devices – Multiple Vulnerabilities
- D-Link Devices – UPnP SOAP Command Execution
- MVPower DVR TV-7104HE 1.8.4 115215B9 – Shell Command Execution
- Symantec Web Gateway 188.8.131.52 Remote Code Execution
- ThinkPHP 5.0.23/5.1.31 – Remote Code Execution
The bottom line is that botnet developers are frequently upgrading their arsenal to cause maximum damage. Thus, staying safe by proactively analyzing and creating defenses against emerging threats is the advisable approach.