Moobot botnet spreading via Hikvision camera vulnerability (Security News, December 2021)
A Mirai-based botnet called 'Moobot' is spreading aggressively by exploiting a critical command injection flaw in the web server of many Hikvision products.
Among the various payloads that leverage CVE-2021-36260, Fortinet found a downloader masked as "MacHelper," which fetches and executes Moobot with the "Hikivision" parameter.
Fortinet's analysts have spotted common points between Moobot and Mirai, such as the data string used in the random alphanumeric string generator function.
Moobot features some elements from Satori, a different Mirai variant whose author was arrested and sentenced in the summer of 2020.
Overwriting the legitimate "MacHelper" file with the Moobot executable.
The goal of Moobot is to incorporate the compromised device into a DDoS swarm.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-22 | CVE-2021-36260 | OS Command Injection vulnerability in Hikvision products: A command injection vulnerability in the web server of some Hikvision product. | 9.8 |