    New variant of Mirai botnet discovered: V3G4 infects routers and video cameras

    Malicious software exploits certain vulnerabilities and disables specified processes.

    Cybersecurity researchers at Palo Alto Networks Unit 42 have discovered a new variant of Mirai malware specifically targeting IoT devices. Experts have named this type of malware V3G4.

    Like the original Mirai botnet, V3G4 infects IoT devices using default login credentials. In a campaign monitored by Unit 42, one of V3G4's main targets was unsecured IP cameras.

    The malware uses exposed servers and devices to create a powerful botnet that can be used to launch DDoS attacks or other malicious activities such as stealing data or installing additional malware.

    The V3G4 malware exploited several vulnerabilities to spread infections from July to December 2022, the researchers said. Among them:

    CVE-2019-15107 - Command injection vulnerability in Webmin, a web administration tool for Unix-like servers and services;
    CVE-2012-4869 - RCE vulnerability in the FreePBX Elastix PBX platform;
    CVE-2020-8515 - RCE vulnerability in DrayTek Vigor routers;
    CVE-2020-15415 - RCE vulnerability in DrayTek Vigor routers;
    CVE-2022-36267 - RCE vulnerability in Airspan AirSpot Wi-Fi antenna;
    CVE-2022-26134 - RCE vulnerability in Atlassian Confluence;
    CVE-2022-4257 - Command injection vulnerability in C-Data Web Device Management System;
    CVE-2017-5173 - RCE vulnerability in Geutebruck IP cameras;
    CVE-2014-9727 - RCE vulnerability in FRITZ!Box webcams;
    RCE vulnerability in a web application for hosting Gitorious open source projects;
    RCE vulnerability in Mitel AWC routers;
    Vulnerability in executing arbitrary commands on the Spree Commerce e-commerce platform;
    RCE vulnerability in FLIR thermal imaging cameras.

    Unit 42 experts note that these vulnerabilities have a lower attack complexity than those used by previously discovered Mirai variants (MooBot, Demonbot, OMG, etc.), but they retain a critical security impact because they can lead to remote code execution.

    The researchers also noted that the botnet client carries a stop list of process names. It cross-checks the names of the processes currently running on the target host against this list and tries to disable any that match. These process names are associated with other botnet malware families and with previously identified variants of Mirai.

    To protect against V3G4 and other malware that targets IoT devices, follow established hardening practices: change the default credentials, update software regularly, and disable unnecessary services and protocols. Network segmentation can also help contain the spread of malware if a device is infected.
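
The following Python example, added here and not part of the original article or Unit 42's report, applies that checklist to a device inventory: it flags products that match the CVE entries listed above and records which hardening steps are missing. The inventory fields (`patched`, `default_credentials`, `services`, `internet_facing`, `segment`), the product keywords, the `RISKY_SERVICES` set and the sample devices are assumptions constructed for illustration; only the CVE identifiers come from the article.

```python
# Added example: triage a device inventory against the article's CVE list and advice.
# CVE ids are copied from the article; keywords and inventory fields are hypothetical.
AFFECTED = {
    "webmin": ["CVE-2019-15107"],
    "elastix": ["CVE-2012-4869"],
    "draytek vigor": ["CVE-2020-8515", "CVE-2020-15415"],
    "airspan airspot": ["CVE-2022-36267"],
    "confluence": ["CVE-2022-26134"],
    "c-data": ["CVE-2022-4257"],
    "geutebruck": ["CVE-2017-5173"],
    "fritz!box": ["CVE-2014-9727"],
}
# Assumption: management services the owner should justify or turn off.
RISKY_SERVICES = {"telnet", "ssh", "http-admin"}

def audit(device):
    """Return (score, findings) for one inventory record."""
    findings = []
    product = device["product"].lower()
    cves = sorted(c for key, ids in AFFECTED.items() if key in product for c in ids)
    if cves and not device.get("patched", False):
        findings.append("unpatched product named in the article: " + ", ".join(cves))
    if device.get("default_credentials", True):  # unknown is treated as default
        findings.append("default login credentials still set")
    exposed = sorted(RISKY_SERVICES & set(device.get("services", [])))
    if exposed and device.get("internet_facing", False):
        findings.append("management services reachable from the internet: " + ", ".join(exposed))
    if device.get("segment") == "flat":
        findings.append("not on a segmented network")
    return len(findings), findings

def triage(inventory):
    """Devices with at least one finding, worst first."""
    rows = [(d["name"], *audit(d)) for d in inventory]
    return sorted((r for r in rows if r[1]), key=lambda r: (-r[1], r[0]))

# Constructed sample inventory (not real devices).
INVENTORY = [
    {"name": "cam-lobby", "product": "Geutebruck IP camera", "default_credentials": True,
     "services": ["telnet", "rtsp"], "internet_facing": True, "segment": "flat"},
    {"name": "edge-router", "product": "DrayTek Vigor router", "patched": True,
     "default_credentials": False, "services": ["ssh"], "internet_facing": True, "segment": "mgmt"},
    {"name": "wiki", "product": "Atlassian Confluence", "patched": False,
     "default_credentials": False, "services": [], "internet_facing": False, "segment": "servers"},
    {"name": "printer", "product": "Generic printer", "default_credentials": False, "segment": "office"},
]
if __name__ == "__main__":
    for name, score, findings in triage(INVENTORY):
        print(f"{name} ({score}):", "; ".join(findings))
```

The four entries the article lists without a CVE number (Gitorious, Mitel AWC, Spree Commerce, FLIR) are left out of `AFFECTED` and would need their own keywords.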

    Author DeepWeb