Security News > 2023 > November > New botnet malware exploits two zero-days to infect NVRs and routers
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices.
The malware hijacks the devices to make them part of its DDoS swarm, presumably rented for profit.
The botnet leverages an undocumented RCE flaw to gain unauthorized access to the device.
"The SIRT did a quick check for CVEs known to impact this vendor's NVR devices and was surprised to find that we were looking at a new zero-day exploit being actively leveraged in the wild," reads Akamai's report.
Looking closer into the campaign, Akamai discovered that the botnet also targets a wireless LAN router popular among home users and hotels, which suffers from another zero-day RCE flaw leveraged by the malware.
Given the lack of a patch for the affected devices, rebooting your NVR and rooter devices should temporarily disrupt the botnet.
News URL
Related news
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices (source)
- TP-Link Router Botnet (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)