New Mirai Variant Targets Flaws in Cameras and Routers

Murdoc Botnet Uses Over 100 Distinct C2 Servers to Manage Infected Devices Prajeet Nair (@prajeetspeaks) • January 21, 2025

A new variant of the Mirai malware is exploiting vulnerabilities in cameras and routers to infiltrate devices, download payloads and integrate them into an expanding botnet.

See Also: Gartner Report | Magic Quadrant for SD-WAN

The Qualys Threat Research Unit uncovered "a large-scale, ongoing operation," dubbed the Murdoc Botnet, that is exploiting known vulnerabilities, including CVE-2024-7029 and CVE-2017-17215, to target users of AVTECH cameras and Huawei HG532 routers.

The malware employs enhanced shell scripts and ELF files. Compromised devices communicate with a command-and-control network, enabling attackers to orchestrate distributed denial-of-service attacks.

Qualys tracked over 1,300 active internet protocol addresses linked to Murdoc since its emergence in July 2024. The botnet's primary targets include Internet of Things devices used for consumer and small-to-medium business purposes.

AVTECH is a Taiwanese manufacturer ...