Attacks exploiting a critical zero-day vulnerability impacting discontinued AVTECH AVM1203 security cameras, tracked as CVE-2024-7029, have been launched to facilitate the distribution of the Corona Mirai malware variant since March, Ars Technica reports.
Such a flaw targets a security issue known since 2019 and could be leveraged to facilitate code injection, a report from Akamai showed. Further analysis showed that the bug has been used to execute a JavaScript file deploying the Mirai variant. "...[T]he botnet is likely using the Corona Mirai variant, which has been referenced by other vendors as early as 2020 in relation to the COVID-19 virus. Upon execution, the malware connects to a large number of hosts through Telnet on ports 23, 2323, and 37215. It also prints the string "Corona" to the console on an infected host," said researchers. Organizations with the impacted AVTECH cameras have been urged to immediately upgrade to newer versions as patches are no longer expected.
