Moobot botnet spreading via Hikvision camera vulnerability
2021-12-08 08:27

A Mirai-based botnet called 'Moobot' is spreading aggressively by exploiting a critical command injection flaw in the web server of many Hikvision products.

Among the various payloads that leverage CVE-2021-36260, Fortinet found a downloader masked as "MacHelper," which fetches and executes Moobot with the "Hikivision" parameter.

Fortinet's analysts have spotted common points between Moobot and Mirai, such as the data string used in the random alphanumeric string generator function.

Moobot features some elements from Satori, a different Mirai variant whose author was arrested and sentenced in the summer of 2020.

Overwriting the legitimate "MacHelper" file with the Moobot executable.

The goal of Moobot is to incorporate the compromised device into a DDoS swarm.


News URL

https://www.bleepingcomputer.com/news/security/moobot-botnet-spreading-via-hikvision-camera-vulnerability/

Related Vulnerability

Date: 2021-09-22
CVE: CVE-2021-36260
Vulnerability title: OS Command Injection vulnerability in Hikvision products
Description: A command injection vulnerability in the web server of some Hikvision product.
Attack vector: network
Attack complexity: low
Vendor: hikvision
CWE: CWE-78
Risk: critical, 9.8

Related vendor

Vendor: Hikvision
Products: 489
Low: 1
Medium: 13
High: 9
Critical: 8
Total vulns: 31