New Mirai variant leverages 11 new exploits and targets smart signage TVs and wireless presentation systems

  • This new variant now uses 11 new exploits and targets LG Supersign TVs and WePresent WiPG-1000 wireless presentation systems.
  • In addition to using new exploits in its multi-exploit battery, this new variant also includes new credentials to use in brute force attacks against devices.

In January 2019, Unit 42 discovered a new variant of the Mirai botnet that targets devices like routers, network storage devices, NVRs, and IP cameras using numerous exploits.

What’s new - In addition to those device types, this new variant now uses 11 new exploits and targets LG Supersign TVs and WePresent WiPG-1000 wireless presentation systems.

With the 11 new exploits, this Mirai variant uses a total of 27 exploits to target devices.

What are its capabilities - In addition to using new exploits in its multi-exploit battery, this new variant also includes new credentials to use in brute force attacks against devices.

  • This new Mirai variant can use the encryption scheme that is characteristic of Mirai, with a table key of 0xbeafdead.
  • It uses unusual default credentials for brute force such as admin:huigu309, root:huigu309, CRAFTSPERSON:ALC#FGU, and root:videoflow.
  • Apart from scanning for other vulnerable devices, this new variant can also be commanded to launch HTTP Flood DDoS attacks.
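
The table-key bullet above, worked as an added example (not code from the researchers or the original article): in the publicly released Mirai source, the table routine XORs every byte with each of the four bytes of the 32-bit key, so the key folds to a single byte and a file can be searched for the encoded form of a known string. The sample blob is constructed, and treating the listed passwords as stored under the table key is an assumption made for illustration.

```python
"""Added example: hunting for Mirai-style XOR-obfuscated strings in a file."""

TABLE_KEY = 0xBEAFDEAD  # table key reported for this variant


def effective_xor_byte(table_key: int) -> int:
    """Fold the 32-bit key into the single byte the scheme reduces to.

    XORing a byte with k1, k2, k3 and k4 in turn equals XOR with k1^k2^k3^k4.
    """
    folded = 0
    for shift in (0, 8, 16, 24):
        folded ^= (table_key >> shift) & 0xFF
    return folded


def toggle_obf(data: bytes, table_key: int = TABLE_KEY) -> bytes:
    """Encode or decode a table entry (XOR is its own inverse)."""
    k = effective_xor_byte(table_key)
    return bytes(c ^ k for c in data)


def find_obfuscated(blob: bytes, needles, table_key: int = TABLE_KEY) -> dict:
    """Return {needle: [offsets]} for needles whose encoded form is in blob.

    Encoding the needle instead of decoding the file keeps offsets exact.
    """
    hits = {}
    for needle in needles:
        encoded = toggle_obf(needle.encode(), table_key)
        offsets, pos = [], blob.find(encoded)
        while pos != -1:
            offsets.append(pos)
            pos = blob.find(encoded, pos + 1)
        if offsets:
            hits[needle] = offsets
    return hits


def build_sample() -> bytes:
    """Constructed stand-in for a binary: header, padding, two encoded strings."""
    return (b"\x7fELF" + b"\x00" * 12 + toggle_obf(b"huigu309\x00")
            + b"\x90" * 5 + toggle_obf(b"videoflow\x00"))


if __name__ == "__main__":
    print(hex(effective_xor_byte(TABLE_KEY)))
    print(find_obfuscated(build_sample(), ["huigu309", "videoflow", "ALC#FGU"]))
```

A different table key in another sample only changes `TABLE_KEY`; the folded byte is the only thing the search depends on.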

“These new features afford the botnet a large attack surface. In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks,” researchers said.

What you should do to stay protected

  • Researchers recommend that organizations be aware of the IoT devices on their networks and ensure that all devices are updated to the latest patched versions.
  • They ask organizations to reset the default passwords of all devices.
  • If devices cannot be patched, researchers suggest removing those devices from the network.
Cyware Publisher