Spawn of Demonbot Attacks IoT Devices

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Threat researchers have spotted a new kind of cyber-attack that uses a variant of Mirai malware to target a port used by IoT devices.

The attack, orchestrated by someone using the alias "Priority," was detected by a team at Juniper Threat Labs. Priority appears to have been up to no good since September 10.

Researchers noted that this new malicious kid on the block is hitting port 60001 using the Demonbot variant of Mirai together with a second variant developed by Scarface.

Port 60001 is a common port used by IoT devices, most notably the Defeway cameras, which make up over 90% of all cameras using this port. These cameras are being installed within networks with no password protection.

"While the users feel they are simply giving themselves access to view their camera from anywhere, it is actually giving attackers the ability to install botnets, such as Mirai, on the device," said Juniper's Jesse Lands.

Priority has been observed attacking ports 5500, 5501, 5502, 5050, and 60001 with a simple command that leverages the MVPower DVR Shell Unauthenticated Command Execution, reported by Unit 42 as part of the Omni Botnet variant of Mirai.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top