Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Briefly

"IoT devices are increasingly prime targets for large-scale attacks due to their widespread use, lack of patching, and often weak security settings. Threat actors continue exploiting known vulnerabilities to gain initial access and deploy malware that can persist, spread, and cause distributed denial-of-service (DDoS) attacks."
"Nexcorium has a similar architecture to the Mirai variant, including XOR-encoded configuration table initialization, watchdog module, and DDoS attack module."
Security flaws in TBK DVRs and end-of-life TP-Link routers are being exploited to deploy Mirai botnet variants. CVE-2024-3721 affects TBK DVR-4104 and DVR-4216 devices and allows attackers to deliver a variant called Nexcorium. IoT devices are prime targets because of their widespread use and weak security. The vulnerability has previously been exploited to deploy other botnets. The attack drops a downloader script that executes the botnet payload, which has features similar to Mirai and targets additional devices through known exploits.
Read at The Hacker News