A new Internet of Things (IoT) botnet has so far targeted over 1,000 Internet Protocol (IP) camera models based on various original equipment manufacturer (OEM) products.
Called Persirai, the new malware has been working on infecting Chinese-made wireless cameras since April, cyber security company Trend Micro researchers said in a blog post. The malware managed to infect so many devices by exploiting flaws in the cameras reported back in March.
This move comes on the heels of Mirai — an open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras — as well as the Hajime botnet.
With the latest development, Trend Micro researchers noticed over the past month a new malware spreading by exploiting those very same products affected by the reported vulnerability.
After running a Shodan search, there are about 120,000 cameras vulnerable to the malware.
The purpose of this malware, is to infect these cameras and form a botnet, much like it always happens with IoT malware. These botnets can carry out DDoS attacks in order to force sites offline. So far, the botnet Persirai hasn’t been used for any website attacks, but that’s mostly because it seems like its creators are still testing the waters.
An interesting fact about this malware, is once it infects a device, it blocks anyone else from exploiting the same vulnerabilities, researchers said.
While it carries a different code, it does borrow some certain functions from Mirai, namely to scan the Internet for new devices to infect.
The name of the manufacturer has not been released and will remain undisclosed until the patch is published.