Vulnerability Management, Malware, Threat Intelligence

Mirai variant deployed via AVTECH security camera exploit

Share
Novel Mirai-based DDoS botnet exploits 0-days to infect routers and security cameras

Attacks exploiting a critical zero-day vulnerability impacting discontinued AVTECH AVM1203 security cameras, tracked as CVE-2024-7029, have been launched to facilitate the distribution of the Corona Mirai malware variant since March, Ars Technica reports.

Such a flaw targets a security issue known since 2019 and could be leveraged to facilitate code injection, a report from Akamai showed. Further analysis showed that the bug has been used to execute a JavaScript file deploying the Mirai variant. "...[T]he botnet is likely using the Corona Mirai variant, which has been referenced by other vendors as early as 2020 in relation to the COVID-19 virus. Upon execution, the malware connects to a large number of hosts through Telnet on ports 23, 2323, and 37215. It also prints the string "Corona" to the console on an infected host," said researchers. Organizations with the impacted AVTECH cameras have been urged to immediately upgrade to newer versions as patches are no longer expected.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds