CyberSecurity news
FlagThis
Mike Moore@techradar.com
//
A new wave of cyberattacks is targeting Internet of Things (IoT) devices through both the Mirai botnet and BadBox 2.0 malware. Cybersecurity researchers have discovered a new variant of the Mirai botnet that exploits a critical vulnerability, CVE-2024-3721, in TBK DVR devices. This vulnerability allows attackers to remotely deploy malicious code on digital video recording systems commonly used for surveillance. Kaspersky GReAT experts have described the new features of this Mirai variant, noting that the latest botnet infections specifically target TBK DVR devices.
Simultaneously, the FBI has issued a warning about the dangerous BadBox 2.0 malware, which has already infected over a million devices, including smart TVs, streaming boxes, digital projectors, and tablets. These devices, often cheap, off-brand, Android-powered units, are being hijacked to form a global botnet used for malicious activities such as ad fraud, click fraud, and distributed denial-of-service (DDoS) attacks. The compromised devices are turned into residential proxies, which are then sold or provided for free to cybercriminals, enabling a wide range of illicit activities.
The Mirai botnet leverages a vulnerability in TBK DVR devices, enabling unauthorized system command execution. Attackers send targeted POST requests to vulnerable endpoints, containing encoded shell commands to download and execute ARM32 binary payloads. This streamlined approach allows for efficient infection, bypassing traditional reconnaissance phases. Meanwhile, BadBox 2.0 often comes preloaded on devices or is transferred through malicious firmware updates and Android applications. Once infected, devices become part of a botnet that cybercriminals exploit for various nefarious purposes, highlighting the persistent threat IoT devices pose to cybersecurity.
ImgSrc: cdn.mos.cms.fut
References :
Simultaneously, the FBI has issued a warning about the dangerous BadBox 2.0 malware, which has already infected over a million devices, including smart TVs, streaming boxes, digital projectors, and tablets. These devices, often cheap, off-brand, Android-powered units, are being hijacked to form a global botnet used for malicious activities such as ad fraud, click fraud, and distributed denial-of-service (DDoS) attacks. The compromised devices are turned into residential proxies, which are then sold or provided for free to cybercriminals, enabling a wide range of illicit activities.
The Mirai botnet leverages a vulnerability in TBK DVR devices, enabling unauthorized system command execution. Attackers send targeted POST requests to vulnerable endpoints, containing encoded shell commands to download and execute ARM32 binary payloads. This streamlined approach allows for efficient infection, bypassing traditional reconnaissance phases. Meanwhile, BadBox 2.0 often comes preloaded on devices or is transferred through malicious firmware updates and Android applications. Once infected, devices become part of a botnet that cybercriminals exploit for various nefarious purposes, highlighting the persistent threat IoT devices pose to cybersecurity.
ImgSrc: cdn.mos.cms.fut
Share:
References :
- cyberpress.org: New Mirai Botnet Variant Exploits TBK DVR Vulnerability to Deploy Malicious Code
- The Record: TV streaming devices, digital projectors and other IoT devices are being infected with BadBox 2.0 malware after the original campaign was stifled by German law enforcement.
- Securelist: Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
- cyberinsider.com: New Mirai Botnet Variant Targets Flaw in 50,000 Exposed TBK DVRs
- therecord.media: TV streaming devices, digital projectors and other IoT devices are being infected with BadBox 2.0 malware after the original campaign was stifled by German law enforcement.
- Cyber Security News: Cybersecurity researchers have discovered a new variant of the notorious Mirai botnet that exploits a critical vulnerability in TBK DVR devices to deploy malicious code remotely.
- gbhackers.com: New Mirai Variant Exploits TBK DVR Flaw for Remote Code Execution
- securityonline.info: New Mirai Botnet Variant Targets DVR Systems via CVE-2024-3721
- securityonline.info: New Mirai Botnet Variant Targets DVR Systems via CVE-2024-3721
- gbhackers.com: New Mirai Variant Exploits TBK DVR Flaw for Remote Code Execution
- www.bleepingcomputer.com: A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them.
- CyberInsider: New Mirai Botnet Variant Targets Flaw in 50,000 Exposed TBK DVRs
- securityaffairs.com: BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns
- securityaffairs.com: New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721
Classification:
- HashTags: #IoTsecurity #MiraiBotnet #BadBox
- Company: Kaspersky
- Target: IoT devices
- Product: DVR devices
- Feature: DDoS
- Malware: Mirai
- Type: Malware
- Severity: Major