Malware, Security Operations, IoT, Vulnerability Management

Nexcorium malware targets IoT devices, leverages Mirai variant for DDoS attacks

botnet bot-net computer virus

Coverage from HackRead indicates a new malware, Nexcorium, has emerged, posing a significant threat to smart devices globally. This sophisticated threat is an evolution of the notorious Mirai malware, specifically engineered to construct a botnet by compromising Internet of Things (IoT) devices for large-scale distributed denial of service (DDoS) attacks.

Nexcorium primarily targets video recording boxes for security cameras, particularly TBK DVR-4104 and DVR-4216 models, due to their inherent security weaknesses and infrequent updates. Attackers exploit CVE-2024-3721, a command injection vulnerability, to gain unauthorized access and execute malicious code. The malware exhibits multi-architecture compatibility, making it adaptable to various processors. It employs robust persistence mechanisms, including self-replication across multiple folders and automatic task setup, making it difficult to remove. To expand its reach, Nexcorium utilizes a comprehensive list of default passwords and brute-force techniques to compromise other network-connected devices, aiming to bolster its botnet for launching DDoS attacks.

Experts emphasize that continuous adversarial testing, mirroring real-world attacker behavior, is essential for organizations to effectively identify and mitigate risks beyond traditional security scanning, especially for devices often overlooked in security assessments.

Source: HackRead

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds