Mirai malware<\/a>, which powered last month’s historic DDoS attack against KrebsOnSecurity, was discovered on GitHub. This gives attackers an easier route to building new botnets and potentially places millions of IoT devices at risk.<\/p>\nMalware of this kind is a valuable weapon for cybercriminals: it lets them launch DDoS attacks against websites, web applications, APIs and other infrastructure by flooding them with automated requests. The resulting disruption is often used as leverage for extortion, with the attackers demanding payment to stop the flood.<\/p>\n
Once a device is compromised, it becomes a bot that the malware operator controls remotely. It connects to central command-and-control (C&C) infrastructure, from which the operator can direct DDoS attacks against computers and networks anywhere in the world.<\/p>\n
According to a recent report, the Mirai botnet has grown rapidly since its source code was released into the wild. Researchers have documented multiple variants, each with its own capabilities, which makes detection and blocking harder.<\/p>\n
As a result, threat actors have begun selling access to botnets built from the Mirai source code to others looking for new ways to breach organizations and steal confidential data. According to Intel471, Mirai has been a major driver of the Internet of Things (IoT) malware market, and more botnets of this kind are likely to appear.<\/p>\n
The botnet scans the Internet for IoT devices that expose Telnet and still use factory-default or hard-coded usernames and passwords. Rather than a true brute-force search, the released source tries a fixed list of a few dozen default username/password pairs against each host it finds, so the attack only succeeds where the defaults were never changed. A successful login is reported back to the operator’s infrastructure, the bot binary is loaded onto the device, and the new bot then connects to the C&C server and waits for attack orders.<\/p>\n
Even after a device has been infected by Mirai, it may be possible to stop its attacks by exploiting a stack buffer overflow in the bot’s own code. Scott Tenaglia of endpoint security firm Invincea reported three vulnerabilities in Mirai; one of them, in the code that runs HTTP flood attacks, can be used to crash the flood when the targeted server responds with a crafted HTTP reply. Because Mirai runs each attack in a separate child process, crashing it stops that flood but does not remove the bot from the device.<\/p>\n
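The bug class described above, as an added illustration that is neither Mirai’s code nor code from the article: a flood loop that follows HTTP redirects copies the Location header value (the header Invincea’s write-up identified) into a fixed-size stack buffer without checking its length, so a server that answers the flood with an over-long Location value corrupts the attacking process’s stack. The buffer size, the function names and the constructed responses are assumptions; the hardened variant beside it simply refuses any value that will not fit.

```c
/* Added illustrative example of the bug class (unbounded copy of an HTTP
 * header value into a fixed-size stack buffer). NOT Mirai's code; the 64-byte
 * buffer, the names and the sample responses are assumptions. */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define PATH_BUF 64   /* assumed stack buffer size for the example */

/* Returns a pointer to the Location value (after "Location:" and blanks),
 * or NULL when the response carries no such header. */
static const char *find_location(const char *resp) {
    const char *h = strstr(resp, "Location:");
    if (!h) return NULL;
    h += strlen("Location:");
    while (*h == ' ' || *h == '\t') h++;
    return h;
}

/* Length of a header value: everything up to CR, LF or end of string. */
static size_t value_len(const char *v) {
    size_t n = 0;
    while (v[n] && v[n] != '\r' && v[n] != '\n') n++;
    return n;
}

/* VULNERABLE: n is never compared with sizeof path, so a Location value of
 * 64 bytes or more writes past the stack buffer. Kept only to show the
 * pattern; never call it on untrusted input. */
bool follow_redirect_vulnerable(const char *resp, char *out, size_t outsz) {
    char path[PATH_BUF];
    const char *v = find_location(resp);
    if (!v) return false;
    size_t n = value_len(v);
    memcpy(path, v, n);          /* no bound check: the overflow */
    path[n] = '\0';
    snprintf(out, outsz, "%s", path);
    return true;
}

/* HARDENED: reject a value that does not fit (leaving room for the
 * terminator) instead of writing past the buffer. Dropping the redirect
 * is the right failure mode for a loop that only needs "some" path. */
bool follow_redirect_hardened(const char *resp, char *out, size_t outsz) {
    char path[PATH_BUF];
    const char *v = find_location(resp);
    if (!v) return false;
    size_t n = value_len(v);
    if (n >= sizeof path) return false;   /* too long: refuse, do not copy */
    memcpy(path, v, n);
    path[n] = '\0';
    snprintf(out, outsz, "%s", path);
    return true;
}

/* Builds a constructed 302 response whose Location value is loc_len 'A's.
 * Returns false when buf cannot hold it. */
bool make_redirect_response(char *buf, size_t bufsz, size_t loc_len) {
    const char *head = "HTTP/1.1 302 Found\r\nLocation: ";
    const char *tail = "\r\n\r\n";
    if (strlen(head) + loc_len + strlen(tail) + 1 > bufsz) return false;
    strcpy(buf, head);
    memset(buf + strlen(head), 'A', loc_len);
    strcpy(buf + strlen(head) + loc_len, tail);
    return true;
}

int main(void) {
    char resp[512], out[128];

    /* Short redirect: both variants behave the same. */
    const char *small = "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n";
    follow_redirect_vulnerable(small, out, sizeof out);
    printf("vulnerable, short value: %s\n", out);
    follow_redirect_hardened(small, out, sizeof out);
    printf("hardened,   short value: %s\n", out);

    /* Over-long redirect: only the hardened variant is safe to call. */
    make_redirect_response(resp, sizeof resp, 300);
    printf("hardened, 300-byte value accepted? %s\n",
           follow_redirect_hardened(resp, out, sizeof out) ? "yes" : "no");
    return 0;
}
```

The fix is the single length comparison; the rest of the function is identical, which is why bugs of this kind survive in code that is otherwise reviewed only for whether the flood "works".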
Gafgyt<\/h2>\n IoT botnets have become a common tool in cybercrime, used to launch distributed denial-of-service (DDoS) attacks and steal sensitive information. Security firms tracking IoT malware have watched several botnet families grow in popularity. Mirai and Gafgyt are particularly popular among cybercriminals because their code can quickly be modified to add new exploits.<\/p>\n
The malware’s source code was found on GitHub, the public code-hosting platform. Malware authors sometimes publish their code there, where anyone can fetch it, which lowers the bar for attackers to reuse the exploits it contains and infect large numbers of IoT devices.<\/p>\n
In this case the malware targets routers from Huawei and Asus that have known security flaws. Researchers recommend updating the firmware and software on these devices and changing their default credentials.<\/p>\n
Gafgyt also targets other IoT devices such as cameras, DVRs and printers, and supports several DDoS attack types, including UDP flooding and an HTTP flood named sendHTTPHex, alongside TCP floods similar to those in the leaked Mirai source code.<\/p>\n
This campaign also targets SonicWall’s Global Management System (GMS), a network management product (CVE-2018-9866), and the Apache Struts web application framework (CVE-2017-5638). Exploiting these flaws lets an attacker achieve remote code execution, access sensitive information and conscript the host into DDoS attacks.<\/p>\n
The malware spreads by brute-forcing Telnet logins: it connects to randomly generated IP addresses and tries default usernames and passwords. It reports the results to a command-and-control (C2) server and waits for further instructions.<\/p>\n
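Gafgyt and Mirai spread the same way, so one added example serves this paragraph and the Mirai scanning description above: a small detector that reads netfilter-style firewall log lines and flags any source that reaches many distinct destinations on TCP 23 or 2323, which is what a Telnet credential scanner looks like from the outside (a legitimate administrator logs in to one or two hosts repeatedly; a scanner touches hundreds once). This is not the article’s code and not code from either malware family; the log format, the addresses, the threshold and the function names are constructed assumptions.

```c
/* Added example (not from the article, Mirai or Gafgyt): flag sources that
 * fan out to many distinct hosts on the Telnet ports, the outward signature
 * of default-credential scanning. Log format, addresses and threshold are
 * constructed assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>

#define MAX_SRC 32   /* distinct sources tracked (assumed window size) */
#define MAX_DST 64   /* distinct destinations remembered per source */

struct src_stat {
    char ip[16];
    char dsts[MAX_DST][16];
    int  ndst;       /* distinct destinations seen on 23/2323 */
};

static struct src_stat stats[MAX_SRC];
static int nstats;

/* Copies the value of "KEY=value" (up to the next blank) into out.
 * Returns false when the key is absent or the value is empty. */
static bool get_field(const char *line, const char *key, char *out, size_t outsz) {
    const char *p = strstr(line, key);
    if (!p) return false;
    p += strlen(key);
    size_t n = 0;
    while (p[n] && p[n] != ' ' && n + 1 < outsz) { out[n] = p[n]; n++; }
    out[n] = '\0';
    return n > 0;
}

/* Finds or creates the per-source record; NULL when the table is full. */
static struct src_stat *get_src(const char *ip) {
    for (int i = 0; i < nstats; i++)
        if (strcmp(stats[i].ip, ip) == 0) return &stats[i];
    if (nstats == MAX_SRC) return NULL;
    struct src_stat *s = &stats[nstats++];
    memset(s, 0, sizeof *s);
    snprintf(s->ip, sizeof s->ip, "%s", ip);
    return s;
}

/* Records dst for s only if it has not been seen from that source before,
 * so repeated logins to one host do not inflate the count. */
static void note_dst(struct src_stat *s, const char *dst) {
    for (int i = 0; i < s->ndst; i++)
        if (strcmp(s->dsts[i], dst) == 0) return;
    if (s->ndst < MAX_DST)
        snprintf(s->dsts[s->ndst++], sizeof s->dsts[0], "%s", dst);
}

/* Distinct Telnet-port targets recorded for src since the last analysis
 * (0 when the source never touched 23/2323). */
int distinct_targets(const char *src) {
    for (int i = 0; i < nstats; i++)
        if (strcmp(stats[i].ip, src) == 0) return stats[i].ndst;
    return 0;
}

/* Feeds n log lines, counting per-source fan-out on ports 23 and 2323.
 * Returns how many sources reached the threshold. */
int count_scanners(const char *const *lines, size_t n, int threshold) {
    nstats = 0;
    for (size_t i = 0; i < n; i++) {
        char src[16], dst[16], dpt[8];
        if (!get_field(lines[i], "SRC=", src, sizeof src)) continue;
        if (!get_field(lines[i], "DST=", dst, sizeof dst)) continue;
        if (!get_field(lines[i], "DPT=", dpt, sizeof dpt)) continue;
        int port = atoi(dpt);
        if (port != 23 && port != 2323) continue;   /* Telnet ports only */
        struct src_stat *s = get_src(src);
        if (s) note_dst(s, dst);
    }
    int flagged = 0;
    for (int i = 0; i < nstats; i++)
        if (stats[i].ndst >= threshold) flagged++;
    return flagged;
}

/* Constructed sample log: one scanner, one admin, one web client. */
static const char *const sample_log[] = {
    "kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41002 DPT=23",
    "kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.11 PROTO=TCP SPT=41003 DPT=23",
    "kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.12 PROTO=TCP SPT=41004 DPT=2323",
    "kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.13 PROTO=TCP SPT=41005 DPT=23",
    "kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.13 PROTO=TCP SPT=41006 DPT=23",
    "kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.14 PROTO=TCP SPT=41007 DPT=23",
    "kernel: IN=eth0 SRC=192.0.2.10 DST=203.0.113.10 PROTO=TCP SPT=50000 DPT=23",
    "kernel: IN=eth0 SRC=192.0.2.10 DST=203.0.113.10 PROTO=TCP SPT=50001 DPT=23",
    "kernel: IN=eth0 SRC=192.0.2.11 DST=203.0.113.20 PROTO=TCP SPT=50100 DPT=80",
    "kernel: IN=eth0 SRC=192.0.2.11 DST=203.0.113.21 PROTO=TCP SPT=50101 DPT=80",
};
#define SAMPLE_LOG_LEN (sizeof sample_log / sizeof sample_log[0])

int main(void) {
    int threshold = 5;   /* assumed: tune to the window and network size */
    int flagged = count_scanners(sample_log, SAMPLE_LOG_LEN, threshold);
    printf("%d source(s) at or above %d distinct Telnet targets\n", flagged, threshold);
    for (int i = 0; i < nstats; i++)
        if (stats[i].ndst >= threshold)
            printf("  %s -> %d distinct targets\n", stats[i].ip, stats[i].ndst);
    return 0;
}
```

Counting distinct destinations rather than raw connection attempts is what separates the scanner (many hosts, one try each) from an operator who types a wrong password three times on one router. Counting 23 and 2323 together matters because the released Mirai scanner sends the bulk of its probes to 23 and a smaller share to 2323; a rule keyed on 23 alone still fires, but a rule on 2323 alone would see only a fraction of the activity.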
Keksec, a threat group known for cryptomining and DDoS operations, appears to be behind this campaign. The group also operates the Moobot botnet, which can be used for targeted DDoS attacks against SOHO and IoT devices.<\/p>\n
The attackers behind this campaign also target a broad range of IoT devices as well as Linux servers and Windows machines. That makes Gafgyt especially important for network administrators to watch for, since its attack traffic shows coordinated attacks against many types of devices and services.<\/p>\n
GitHub Malware Source Code Puts IoT Devices at Risk - Propelex<\/title>\n